Merge branch 'master' into gniibe/t6275

2024-12-22 10:19:57 +01:00 · 2023-01-24 15:29:51 +09:00 · 2023-01-24 15:29:51 +09:00 · 8e2207ecb9
commit 8e2207ecb9
parent a3df10c2b0 eae28f1bd4
104 changed files with 2231 additions and 1412 deletions
--- a/2
+++ b/2
@ -16,7 +16,7 @@ List of Copyright holders
 =========================
  Copyright (C) 1997-2019 Werner Koch
-  Copyright (C) 2003-2022 g10 Code GmbH
+  Copyright (C) 2003-2023 g10 Code GmbH
  Copyright (C) 1994-2021 Free Software Foundation, Inc.
  Copyright (C) 2002 Klarälvdalens Datakonsult AB
  Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper <drepper@gnu.ai.mit.edu>
--- a/Makefile.am
+++ b/Makefile.am
@ -24,7 +24,7 @@
 # Location of the released tarball archives.  This is prefixed by
 # the variable RELEASE_ARCHIVE in ~/.gnupg-autogen.rc.  For example:
 # RELEASE_ARCHIVE=user@host:archive/tarballs
-RELEASE_ARCHIVE_SUFFIX  = gnupg/v2.3
+RELEASE_ARCHIVE_SUFFIX  = gnupg/v2.4
 # The variable RELEASE_SIGNKEY in ~/.gnupg-autogen.rc is used
 # to specify the key for signing.  For example:
 # RELEASE_SIGNKEY=D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
@ -238,11 +238,26 @@ release:
 	 ./autogen.sh --force; \
 	 cd $(abs_top_builddir); \
 	 rm -rf dist; mkdir dist ; cd dist ; \
         mkopt=""; \
 	 if [ -n "$$CUSTOM_SWDB" ]; then \
            mkopt="CUSTOM_SWB=1"; \
 	    x=$$(grep '^OVERRIDE_TARBALLS=' \
                 $$HOME/.gnupg-autogen.rc|cut -d= -f2);\
 	    if [ -f "$$x/swdb.lst" ]; then \
 	      echo "/* Copying swdb.lst from the overrides directory */"; \
              cp "$$x/swdb.lst" . ; \
              cp "$$x/swdb.lst.sig" . ; \
 	    fi; \
 	 fi; \
 	 echo "/* Running configure */";\
 	 $(abs_top_srcdir)/configure --enable-maintainer-mode; \
 	 echo "/* Running make distcheck */";\
 	 $(MAKE) distcheck TESTFLAGS=--parallel; \
 	 echo "/* Unpacking release */";\
 	 $(AMTAR) xjf $(RELEASE_NAME).tar.bz2 ;\
 	 target=w32-release ;\
 	 [ -n "$(WITH_MSI)" ] && target=w32-msi-release ;\
 	 echo "/* Running $(MAKE) -f  $(RELEASE_NAME)/build-aux/speedo.mk $${target} */";\
 	 $(MAKE) -f  $(RELEASE_NAME)/build-aux/speedo.mk $${target} ;\
 	 echo "/* Build finished at $$(date -uIseconds) */" ;\
 	 echo "/*" ;\
--- a/77
+++ b/77
@ -1,7 +1,74 @@
-Noteworthy changes in version 2.3.9 (unreleased)
+Noteworthy changes in version 2.4.1 (unreleased)
 ------------------------------------------------
 Noteworthy changes in version 2.4.0 (2022-12-16)
 ------------------------------------------------
  * gpg: New command --quick-update-pref.  [rGd40d23b233]
  * gpg: New list-options show-pref and show-pref-verbose.
    [rG811cfa34cb]
  * gpg: New option --list-filter to restrict key listings like
      gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'
    [rG1324dc3490]
  * gpg: New --export-filter export-revocs.  [rGc985b52e71]
  * gpg: Also import stray revocation certificates.  [rG7aaedfb107]
  * gpg: Add a notation to encryption subkeys in de-vs mode.  [T6279]
  * gpg: Improve signature verification speed by a factor of more than
    four.  Double detached signing speed.  [T5826]
  * gpg: Allow only OCB for AEAD encryption.  [rG5a2cef801d]
  * gpg: Fix trusted introducer for mbox only user-ids.  [T6238]
  * gpg: Report an error via status-fd for receiving a key from the
    agent.  [T5151]
  * gpg: Make --require-compliance work without the --status-fd
    option.  [rG2aacd843ad]
  * gpg: Fix verification of cleartext signatures with overlong lines.
    [T6272]
  * agent: Fix import of protected OpenPGP v5 keys.  [T6294]
  * gpgsm: Change the default cipher algorithm from AES128 to AES256.
    Also announce support for this in signatures.  [rG2d8ac55d26]
  * gpgsm: Always use the chain validation model if the root-CA
    requests this.  [rG7fa1d3cc82]
  * gpgsm: Print OCSP revocation date and reason in cert listings.
    [rGb6abaed2b5]
  * agent: Support Win32-OpenSSH emulation by gpg-agent.  [T3883]
  * scd: Support the Telesec Signature Card v2.0.  [T6252]
  * scd: Redact --debug cardio output of a VERIFY APDU.  [T5085]
  * scd: Skip deleted pkcs#15 records in CARDOS 5.  [rG061efac03f]
  * dirmngr: Fix build with no LDAP support.  [T6239]
  * dirmngr: Fix verification of ECDSA signed CRLs.  [rG868dabb402]
  * wkd: New option --add-revocs for gpg-wks-client.  [rGc3f9f2d497]
  * wkd: Ignore expired user-ids in gpg-wks-client.  [T6292]
  * card: New commands "gpg" and "gpgsm".  [rG9c4691c73e]
  See-also: gnupg-announce/2022q4/000477.html
  Release-info: https://dev.gnupg.org/T6303
 Noteworthy changes in version 2.3.8 (2022-10-13)
 ------------------------------------------------
@ -61,6 +128,7 @@ Noteworthy changes in version 2.3.8 (2022-10-13)
    GNUPG_EXEC_DEBUG_FLAGS is used.  [rG4ef8516a79]
  Release-info: https://dev.gnupg.org/T6106
  See-also: gnupg-announce/2022q4/000476.html
 Noteworthy changes in version 2.3.7 (2022-07-11)
@ -142,6 +210,7 @@ Noteworthy changes in version 2.3.7 (2022-07-11)
  * gpgconf: New short options -V and -X
  Release-info: https://dev.gnupg.org/T5947
  See-also: gnupg-announce/2022q3/000474.html
 Noteworthy changes in version 2.3.6 (2022-04-25)
@ -1469,6 +1538,12 @@ Noteworthy changes in version 2.3.0 (2021-04-07)
 Release dates of 2.2 versions
 -----------------------------
 Version 2.2.40 (2022-10-10) https://dev.gnupg.org/T6181
 Version 2.2.39 (2022-09-02) https://dev.gnupg.org/T6175
 Version 2.2.38 (2022-09-01) https://dev.gnupg.org/T6159
 Version 2.2.37 (2022-08-24) https://dev.gnupg.org/T6105
 Version 2.2.36 (2022-07-06) https://dev.gnupg.org/T5949
 Version 2.2.35 (2022-04-25) https://dev.gnupg.org/T5928
 Version 2.2.34 (2022-02-07) https://dev.gnupg.org/T5703
 Version 2.2.33 (2021-11-23) https://dev.gnupg.org/T5641
 Version 2.2.32 (2021-10-06) https://dev.gnupg.org/T5601
--- a/40
+++ b/40
@ -1,10 +1,10 @@
-                       The GNU Privacy Guard 2
+                       The GNU Privacy Guard
-                      =========================
+                      =======================
-                            Version 2.3
+                            Version 2.4
          Copyright 1997-2019 Werner Koch
          Copyright 1998-2021 Free Software Foundation, Inc.
-          Copyright 2003-2022 g10 Code GmbH
+          Copyright 2003-2023 g10 Code GmbH
 * INTRODUCTION
@ -27,7 +27,7 @@
 * BUILD INSTRUCTIONS
-  GnuPG 2.3 depends on the following GnuPG related packages:
+  GnuPG 2.4 depends on the following GnuPG related packages:
    npth         (https://gnupg.org/ftp/gcrypt/npth/)
    libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
@ -74,7 +74,7 @@
  You may run
-    gpgconf --list-dirs
+    gpgconf -L
  to view the directories used by GnuPG.
@ -113,6 +113,31 @@
 * RECOMMENDATIONS
 ** Key database daemon
  Since version 2.3.0 it is possible to store the keys in an SQLite
  database instead of the keyring.kbx file.  This is in particular
  useful for large keyrings or if many instances of gpg and gpgsm may
  run concurrently.  This is implemented using another daemon process,
  the "keyboxd".  To enable the use of the keyboxd put the option
  "use-keyboxd" into the configuration file ~/.gnupg/common.conf or the
  global /etc/gnupg/common.conf.  See also doc/examples/common.conf.
  Only public keys and X.509 certificates are managed by the keyboxd;
  private keys are still stored as separate files.
  Note that there is no automatic migration; if the use-keyboxd option
  is enabled keys are not taken from pubring.kbx.  To migrate existing
  keys to the keyboxd do this:
  1. Disable the keyboxd (remove use-keyboxd from common.conf)
  2. Export all public keys
       gpg --export --export-options backup  > allkeys.gpg
       gpgsm --export --armor                > allcerts.gpg
  3. Enable the keyboxd (add use-keyboxd to common.conf)
  4. Import all public keys
       gpg --import --import-options restore < allkeys.gpg
       gpgsm --import                        < allcerts.crt
 ** Socket directory
  GnuPG uses Unix domain sockets to connect its components (on Windows
@ -203,8 +228,7 @@
  offers see https://gnupg.org/service.html .  Maintaining and
  improving GnuPG requires a lot of time.  Since 2001, g10 Code GmbH,
  a German company owned and headed by GnuPG's principal author Werner
-  Koch, is bearing the majority of these costs.  To keep GnuPG in a
+  Koch, is bearing the majority of these costs.
  healthy state, they need your support.
 # This file is Free Software; as a special exception the authors gives
 # unlimited permission to copy and/or distribute it, with or without
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@ -19,10 +19,8 @@
 bin_PROGRAMS = gpg-agent
 libexec_PROGRAMS = gpg-protect-tool
 if !HAVE_W32CE_SYSTEM
 # fixme: Do no use simple-pwquery for preset-passphrase.
 libexec_PROGRAMS += gpg-preset-passphrase
 endif
 noinst_PROGRAMS = $(TESTS)
 EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc all-tests.scm
@ -66,11 +64,7 @@ gpg_agent_SOURCES = \
 common_libs = $(libcommon)
 commonpth_libs = $(libcommonpth)
 if HAVE_W32CE_SYSTEM
 pwquery_libs =
 else
 pwquery_libs = ../common/libsimple-pwquery.a
 endif
 gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \
@ -79,7 +73,7 @@ gpg_agent_LDADD = $(commonpth_libs) \
                $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
 	        $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
 		$(resource_objs)
-gpg_agent_LDFLAGS = $(extra_bin_ldflags)
+gpg_agent_LDFLAGS =
 gpg_agent_DEPENDENCIES = $(resource_objs)
 gpg_protect_tool_SOURCES = \
--- a/agent/command.c
+++ b/agent/command.c
@ -2624,7 +2624,7 @@ cmd_scd (assuan_context_t ctx, char *line)
      argc = split_fields (l, argv, DIM (argv));
      /* These commands are allowed.  */
-      if ((argc == 1 && !strcmp (argv[0], "SERIALNO"))
+      if ((argc >= 1 && !strcmp (argv[0], "SERIALNO"))
          || (argc == 2
              && !strcmp (argv[0], "GETINFO")
              && !strcmp (argv[1], "version"))
--- a/am/cmacros.am
+++ b/am/cmacros.am
@ -57,19 +57,6 @@ if GNUPG_DIRMNGR_LDAP_PGM
 AM_CPPFLAGS += -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
 endif
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
 # the WindowsMobile 6 platform and thus we need to use the coredll6
 # import library.  We also want to use a stacksize of 256k instead of
 # the 2MB which is the default with cegcc.  256k is the largest stack
 # we use with pth.
 if HAVE_W32CE_SYSTEM
 extra_sys_libs = -lcoredll6
 extra_bin_ldflags = -Wl,--stack=0x40000
 else
 extra_sys_libs =
 extra_bin_ldflags =
 endif
 if HAVE_W32_SYSTEM
 .rc.o:
 	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
--- a/autogen.sh
+++ b/autogen.sh
@ -1,6 +1,6 @@
 #! /bin/sh
 # autogen.sh
-# Copyright (C) 2003, 2014, 2017, 2018 g10 Code GmbH
+# Copyright (C) 2003, 2014, 2017, 2018, 2022 g10 Code GmbH
 #
 # This file is free software; as a special exception the author gives
 # unlimited permission to copy and/or distribute it, with or without
@ -15,7 +15,7 @@
 # configure it for the respective package.  It is maintained as part of
 # GnuPG and source copied by other packages.
 #
-# Version: 2018-02-21
+# Version: 2022-12-09
 configure_ac="configure.ac"
@ -137,8 +137,6 @@ extraoptions=
 # List of optional variables sourced from autogen.rc and ~/.gnupg-autogen.rc
 w32_toolprefixes=
 w32_extraoptions=
 w32ce_toolprefixes=
 w32ce_extraoptions=
 w64_toolprefixes=
 w64_extraoptions=
 amd64_toolprefixes=
@ -146,7 +144,6 @@ amd64_toolprefixes=
 # What follows are variables which are sourced but default to
 # environment variables or lacking them hardcoded values.
 #w32root=
 #w32ce_root=
 #w64root=
 #amd64root=
@ -163,11 +160,6 @@ case "$1" in
        myhost="w32"
        shift
        ;;
    --build-w32ce)
        myhost="w32"
        myhostsub="ce"
        shift
        ;;
    --build-w64)
        myhost="w32"
        myhostsub="64"
@ -274,12 +266,6 @@ fi
 # ******************
 if [ "$myhost" = "w32" ]; then
    case $myhostsub in
        ce)
          w32root="$w32ce_root"
          [ -z "$w32root" ] && w32root="$HOME/w32ce_root"
          toolprefixes="$w32ce_toolprefixes arm-mingw32ce"
          extraoptions="$extraoptions $w32ce_extraoptions"
          ;;
        64)
          w32root="$w64root"
          [ -z "$w32root" ] && w32root="$HOME/w64root"
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@ -141,6 +141,10 @@ help-wixlib:
 	@echo 'Afterwards w32-msi-release will also build a wixlib.'
 # NB: we can't use +$(MAKE) here because we would need to define the
 # dependencies of our packages.  This does not make much sense given that
 # we have a clear order in how they are build and concurrent builds
 # would anyway clutter up the logs.
 SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1
 native: check-tools
@ -235,7 +239,7 @@ STATIC=0
 # external packages.
 TARBALLS=$(shell pwd)/../tarballs
-#  Number of parallel make jobs
+#  Number of parallel make jobs for each package
 MAKE_J=3
 # Name to use for the w32 installer and sources
@ -258,6 +262,8 @@ $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS))
 $(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE))
 $(eval $(call READ_AUTOGEN_template,OSSLPKCS11ENGINE))
 $(eval $(call READ_AUTOGEN_template,SCUTEMODULE))
 $(eval $(call READ_AUTOGEN_template,OVERRIDE_TARBALLS))
 # All files given in AUTHENTICODE_FILES are signed before
 # they are put into the installer.
@ -267,6 +273,7 @@ AUTHENTICODE_FILES= \
                    gpg-agent.exe             \
                    gpg-connect-agent.exe     \
                    gpg-preset-passphrase.exe \
                    gpg-check-pattern.exe     \
                    gpg-wks-client.exe        \
                    gpg.exe                   \
                    gpgconf.exe               \
@ -884,14 +891,14 @@ endif
 # The playground area is our scratch area, where we unpack, build and
 # install the packages.
 $(stampdir)/stamp-directories:
-	$(MKDIR) $(root) || true
+	$(MKDIR) -p $(root)
-	$(MKDIR) $(stampdir) || true
+	$(MKDIR) -p $(stampdir)
-	$(MKDIR) $(sdir)  || true
+	$(MKDIR) -p $(sdir)
-	$(MKDIR) $(bdir)  || true
+	$(MKDIR) -p $(bdir)
-	$(MKDIR) $(idir)   || true
+	$(MKDIR) -p $(idir)
 ifeq ($(TARGETOS),w32)
-	$(MKDIR) $(bdir6)  || true
+	$(MKDIR) -p $(bdir6)
-	$(MKDIR) $(idir6)   || true
+	$(MKDIR) -p $(idir6)
 endif
 	touch $(stampdir)/stamp-directories
@ -1010,6 +1017,13 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories
 	   cd "$$$${pkg}"; 				\
 	   AUTOGEN_SH_SILENT=1 ./autogen.sh;            \
         elif [ -n "$$$${tar}" ]; then			\
           tar2="$(OVERRIDE_TARBALLS)/$$$$(basename $$$${tar})";\
           if [ -f "$$$${tar2}" ]; then                 \
             tar="$$$$tar2";                            \
             echo "speedo: /*";                         \
             echo "speedo:  * Note: using an override"; \
             echo "speedo:  */";                        \
           fi;                                          \
 	   echo "speedo: unpacking $(1) from $$$${tar}"; \
           case "$$$${tar}" in				\
             *.gz) pretar=zcat ;;	   		\
@ -1535,9 +1549,10 @@ endif
 #
-# Check availibility of standard tools
+# Check availibility of standard tools and prepare everything.
 #
-check-tools:
+check-tools: $(stampdir)/stamp-directories
 #
--- a/common/compliance.c
+++ b/common/compliance.c
@ -83,7 +83,9 @@ gnupg_initialize_compliance (int gnupg_module_name)
  log_assert (! initialized);
  /* We accept both OpenPGP-style and gcrypt-style algorithm ids.
-   * Assert that they are compatible.  */
+   * Assert that they are compatible. At some places gcrypt ids are
   * used which can't be encoded in an OpenPGP algo octet; we also
   * assert this.  */
  log_assert ((int) GCRY_PK_RSA          == (int) PUBKEY_ALGO_RSA);
  log_assert ((int) GCRY_PK_RSA_E        == (int) PUBKEY_ALGO_RSA_E);
  log_assert ((int) GCRY_PK_RSA_S        == (int) PUBKEY_ALGO_RSA_S);
@ -91,6 +93,9 @@ gnupg_initialize_compliance (int gnupg_module_name)
  log_assert ((int) GCRY_PK_DSA          == (int) PUBKEY_ALGO_DSA);
  log_assert ((int) GCRY_PK_ECC          == (int) PUBKEY_ALGO_ECDH);
  log_assert ((int) GCRY_PK_ELG          == (int) PUBKEY_ALGO_ELGAMAL);
  log_assert ((int) GCRY_PK_ECDSA        > 255);
  log_assert ((int) GCRY_PK_ECDH         > 255);
  log_assert ((int) GCRY_PK_EDDSA        > 255);
  log_assert ((int) GCRY_CIPHER_NONE     == (int) CIPHER_ALGO_NONE);
  log_assert ((int) GCRY_CIPHER_IDEA     == (int) CIPHER_ALGO_IDEA);
  log_assert ((int) GCRY_CIPHER_3DES     == (int) CIPHER_ALGO_3DES);
@ -159,6 +164,9 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
    case PUBKEY_ALGO_ECDH:
    case PUBKEY_ALGO_ECDSA:
    case PUBKEY_ALGO_EDDSA:
    case GCRY_PK_ECDSA:
    case GCRY_PK_ECDH:
    case GCRY_PK_EDDSA:
      algotype = is_ecc;
      break;
@ -211,7 +219,9 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
          result = (curvename
                    && (algo == PUBKEY_ALGO_ECDH
-                        || algo == PUBKEY_ALGO_ECDSA)
+                        || algo == PUBKEY_ALGO_ECDSA
                        || algo == GCRY_PK_ECDH
                        || algo == GCRY_PK_ECDSA)
                    && (!strcmp (curvename, "brainpoolP256r1")
                        || !strcmp (curvename, "brainpoolP384r1")
                        || !strcmp (curvename, "brainpoolP512r1")));
@ -292,6 +302,7 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
          break;
 	case PUBKEY_ALGO_ECDH:
 	case GCRY_PK_ECDH:
 	  if (use == PK_USE_DECRYPTION)
            result = 1;
          else if (use == PK_USE_ENCRYPTION)
@ -316,6 +327,7 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
          break;
 	case PUBKEY_ALGO_ECDSA:
 	case GCRY_PK_ECDSA:
          if (use == PK_USE_VERIFICATION)
            result = 1;
          else
@ -341,6 +353,10 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
 	case PUBKEY_ALGO_EDDSA:
          if (use == PK_USE_VERIFICATION)
            result = 1;
          else /* We may not create such signatures in de-vs mode.  */
            result = 0;
 	  break;
 	default:
--- a/common/compliance.h
+++ b/common/compliance.h
@ -45,7 +45,7 @@ enum gnupg_compliance_mode
 enum pk_use_case
  {
    PK_USE_ENCRYPTION, PK_USE_DECRYPTION,
-    PK_USE_SIGNING, PK_USE_VERIFICATION,
+    PK_USE_SIGNING, PK_USE_VERIFICATION
  };
 /* Flags to distinguish public key algorithm variants.  */
--- a/common/exechelp-posix.c
+++ b/common/exechelp-posix.c
@ -1110,6 +1110,20 @@ spawn_detached (gnupg_process_t process,
  return 0;
 }
 void
 gnupg_spawn_helper (struct spawn_cb_arg *sca)
 {
  int *user_except = sca->arg;
 #ifdef HAVE_W32_SYSTEM
  if (user_except[0] == -1)
    sca->ask_inherit = 0;
  else
    sca->ask_inherit = 1;
 #else
  sca->except_fds = user_except;
 #endif
 }
 gpg_err_code_t
 gnupg_process_spawn (const char *pgmname, const char *argv1[],
                     unsigned int flags,
--- a/common/exechelp.h
+++ b/common/exechelp.h
@ -249,6 +249,9 @@ struct spawn_cb_arg {
 #define GNUPG_PROCESS_STREAM_NONBLOCK     (1 << 16)
 /* Spawn helper.  */
 void gnupg_spawn_helper (struct spawn_cb_arg *sca);
 /* Spawn PGMNAME.  */
 gpg_err_code_t gnupg_process_spawn (const char *pgmname, const char *argv[],
                                    unsigned int flags,
--- a/common/exectool.c
+++ b/common/exectool.c
@ -305,20 +305,6 @@ copy_buffer_flush (struct copy_buffer *c, estream_t sink)
 }
 static void
 setup_close_all (struct spawn_cb_arg *sca)
 {
  int *user_except = sca->arg;
 #ifdef HAVE_W32_SYSTEM
  if (user_except[0] == -1)
    sca->ask_inherit = 0;
  else
    sca->ask_inherit = 1;
 #else
  sca->except_fds = user_except;
 #endif
 }
 /* Run the program PGMNAME with the command line arguments given in
 * the NULL terminates array ARGV.  If INPUT is not NULL it will be
 * fed to stdin of the process.  stderr is logged using log_info and
@ -433,7 +419,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
                               : GNUPG_PROCESS_STDIN_NULL)
                              | GNUPG_PROCESS_STDOUT_PIPE
                              | GNUPG_PROCESS_STDERR_PIPE),
-                             setup_close_all, exceptclose, &proc);
+                             gnupg_spawn_helper, exceptclose, &proc);
  gnupg_process_get_streams (proc, GNUPG_PROCESS_STREAM_NONBLOCK,
                             input? &infp : NULL, &outfp, &errfp);
  if (extrapipe[0] != -1)
--- a/common/init.c
+++ b/common/init.c
@ -30,6 +30,9 @@
 #include <config.h>
 #ifdef HAVE_W32_SYSTEM
 # if _WIN32_WINNT < 0x0600
 #   define _WIN32_WINNT 0x0600  /* Required for SetProcessDEPPolicy.  */
 # endif
 # ifdef HAVE_WINSOCK2_H
 #  include <winsock2.h>
 # endif
@ -213,7 +216,21 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp)
  log_set_socket_dir_cb (gnupg_socketdir);
 #if HAVE_W32_SYSTEM
-  /* For Standard Windows we use our own parser for the command line
+  /* Make sure that Data Execution Prevention is enabled.  */
  if (GetSystemDEPPolicy () >= 2)
    {
      DWORD flags;
      BOOL perm;
      if (!GetProcessDEPPolicy (GetCurrentProcess (), &flags, &perm))
        log_info ("error getting DEP policy: %s\n",
                  w32_strerror (GetLastError()));
      else if (!(flags & PROCESS_DEP_ENABLE)
               && !SetProcessDEPPolicy (PROCESS_DEP_ENABLE))
        log_info ("Warning: Enabling DEP failed: %s (%d,%d)\n",
                  w32_strerror (GetLastError ()), (int)flags, (int)perm);
    }
  /* On Windows we use our own parser for the command line
   * so that we can return an array of utf-8 encoded strings.  */
  prepare_w32_commandline (argcp, argvp);
 #else
--- a/common/iobuf.c
+++ b/common/iobuf.c
@ -1,7 +1,7 @@
 /* iobuf.c  -  File Handling for OpenPGP.
 * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2006, 2007, 2008,
 *               2009, 2010, 2011  Free Software Foundation, Inc.
- * Copyright (C) 2015  g10 Code GmbH
+ * Copyright (C) 2015, 2023  g10 Code GmbH
 *
 * This file is part of GnuPG.
 *
@ -27,6 +27,7 @@
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
 * SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later)
 */
 #include <config.h>
@ -35,7 +36,6 @@
 #include <string.h>
 #include <errno.h>
 #include <ctype.h>
 #include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
@ -95,6 +95,9 @@ typedef struct
  int eof_seen;
  int delayed_rc;
  int print_only_name; /* Flags indicating that fname is not a real file.  */
  char peeked[32];     /* Read ahead buffer.  */
  byte npeeked;        /* Number of bytes valid in peeked.  */
  byte upeeked;        /* Number of bytes used from peeked.  */
  char fname[1];       /* Name of the file.  */
 } file_filter_ctx_t;
@ -207,7 +210,7 @@ fd_cache_invalidate (const char *fname)
  close_cache_t cc;
  int rc = 0;
-  assert (fname);
+  log_assert (fname);
  if (DBG_IOBUF)
    log_debug ("fd_cache_invalidate (%s)\n", fname);
@ -370,7 +373,7 @@ fd_cache_close (const char *fname, gnupg_fd_t fp)
 {
  close_cache_t cc;
-  assert (fp);
+  log_assert (fp);
  if (!fname || !*fname)
    {
 #ifdef HAVE_W32_SYSTEM
@ -411,7 +414,7 @@ fd_cache_open (const char *fname, const char *mode)
 {
  close_cache_t cc;
-  assert (fname);
+  log_assert (fname);
  for (cc = close_cache; cc; cc = cc->next)
    {
      if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
@ -458,7 +461,16 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
  if (control == IOBUFCTRL_UNDERFLOW)
    {
      log_assert (size); /* We need a buffer.  */
-      if (a->eof_seen)
+      if (a->npeeked > a->upeeked)
        {
          nbytes = a->npeeked - a->upeeked;
          if (nbytes > size)
            nbytes = size;
          memcpy (buf, a->peeked + a->upeeked, nbytes);
          a->upeeked += nbytes;
          *ret_len = nbytes;
        }
      else if (a->eof_seen)
 	{
 	  rc = -1;
 	  *ret_len = 0;
@ -596,6 +608,73 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
      a->delayed_rc = 0;
      a->keep_open = 0;
      a->no_cache = 0;
      a->npeeked = 0;
      a->upeeked = 0;
    }
  else if (control == IOBUFCTRL_PEEK)
    {
      /* Peek on the input.  */
 #ifdef HAVE_W32_SYSTEM
      unsigned long nread;
      nbytes = 0;
      if (!ReadFile (f, a->peeked, sizeof a->peeked, &nread, NULL))
        {
          int ec = (int) GetLastError ();
          if (ec != ERROR_BROKEN_PIPE)
            {
              rc = gpg_error_from_errno (ec);
              log_error ("%s: read error: ec=%d\n", a->fname, ec);
            }
          a->npeeked = 0;
        }
      else if (!nread)
        {
          a->eof_seen = 1;
          a->npeeked = 0;
        }
      else
        {
          a->npeeked = nread;
        }
 #else /* Unix */
      int n;
    peek_more:
      do
        {
          n = read (f, a->peeked + a->npeeked, sizeof a->peeked - a->npeeked);
        }
      while (n == -1 && errno == EINTR);
      if (n > 0)
        {
          a->npeeked += n;
          if (a->npeeked < sizeof a->peeked)
            goto peek_more;
        }
      else if (!n) /* eof */
        {
          if (a->npeeked)
            a->delayed_rc = -1;
          else
            a->eof_seen = 1;
        }
      else /* error */
        {
          rc = gpg_error_from_syserror ();
          if (gpg_err_code (rc) != GPG_ERR_EPIPE)
            log_error ("%s: read error: %s\n", a->fname, gpg_strerror (rc));
          if (a->npeeked)
            a->delayed_rc = rc;
        }
 #endif /* Unix */
      size = a->npeeked < size? a->npeeked : size;
      memcpy (buf, a->peeked, size);
      *ret_len = size;
      rc = 0;  /* Return success - the user needs to check ret_len.  */
    }
  else if (control == IOBUFCTRL_DESC)
    {
@ -632,7 +711,7 @@ file_es_filter (void *opaque, int control, iobuf_t chain, byte * buf,
  if (control == IOBUFCTRL_UNDERFLOW)
    {
-      assert (size); /* We need a buffer.  */
+      log_assert (size); /* We need a buffer.  */
      if (a->eof_seen)
 	{
 	  rc = -1;
@ -751,7 +830,7 @@ sock_filter (void *opaque, int control, iobuf_t chain, byte * buf,
  if (control == IOBUFCTRL_UNDERFLOW)
    {
-      assert (size);		/* need a buffer */
+      log_assert (size);		/* need a buffer */
      if (a->eof_seen)
 	{
 	  rc = -1;
@ -846,7 +925,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
      size_t n = 0;
      p = buf;
-      assert (size);		/* need a buffer */
+      log_assert (size);	/* need a buffer */
      if (a->eof)		/* don't read any further */
 	rc = -1;
      while (!rc && size)
@ -974,7 +1053,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
 	{			/* the complicated openpgp scheme */
 	  size_t blen, n, nbytes = size + a->buflen;
-	  assert (a->buflen <= OP_MIN_PARTIAL_CHUNK);
+	  log_assert (a->buflen <= OP_MIN_PARTIAL_CHUNK);
 	  if (nbytes < OP_MIN_PARTIAL_CHUNK)
 	    {
 	      /* not enough to write a partial block out; so we store it */
@ -998,12 +1077,12 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
 		  blen /= 2;
 		  c--;
 		  /* write the partial length header */
-		  assert (c <= 0x1f);	/*;-) */
+		  log_assert (c <= 0x1f);	/*;-) */
 		  c |= 0xe0;
 		  iobuf_put (chain, c);
 		  if ((n = a->buflen))
 		    {		/* write stuff from the buffer */
-		      assert (n == OP_MIN_PARTIAL_CHUNK);
+		      log_assert (n == OP_MIN_PARTIAL_CHUNK);
 		      if (iobuf_write (chain, a->buffer, n))
 			rc = gpg_error_from_syserror ();
 		      a->buflen = 0;
@ -1020,8 +1099,8 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
 	      /* store the rest in the buffer */
 	      if (!rc && nbytes)
 		{
-		  assert (!a->buflen);
+		  log_assert (!a->buflen);
-		  assert (nbytes < OP_MIN_PARTIAL_CHUNK);
+		  log_assert (nbytes < OP_MIN_PARTIAL_CHUNK);
 		  if (!a->buffer)
 		    a->buffer = xmalloc (OP_MIN_PARTIAL_CHUNK);
 		  memcpy (a->buffer, p, nbytes);
@ -1183,7 +1262,7 @@ iobuf_alloc (int use, size_t bufsize)
  iobuf_t a;
  static int number = 0;
-  assert (use == IOBUF_INPUT || use == IOBUF_INPUT_TEMP
+  log_assert (use == IOBUF_INPUT || use == IOBUF_INPUT_TEMP
              || use == IOBUF_OUTPUT || use == IOBUF_OUTPUT_TEMP);
  if (bufsize == 0)
    {
@ -1304,7 +1383,7 @@ iobuf_temp_with_content (const char *buffer, size_t length)
  int i;
  a = iobuf_alloc (IOBUF_INPUT_TEMP, length);
-  assert (length == a->d.size);
+  log_assert (length == a->d.size);
  /* memcpy (a->d.buf, buffer, length); */
  for (i=0; i < length; i++)
    a->d.buf[i] = buffer[i];
@ -1335,7 +1414,7 @@ do_open (const char *fname, int special_filenames,
  int fd;
  byte desc[MAX_IOBUF_DESC];
-  assert (use == IOBUF_INPUT || use == IOBUF_OUTPUT);
+  log_assert (use == IOBUF_INPUT || use == IOBUF_OUTPUT);
  if (special_filenames
      /* NULL or '-'.  */
@ -1576,6 +1655,25 @@ iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval)
          return fd_cache_synchronize (ptrval);
        }
    }
  else if (cmd == IOBUF_IOCTL_PEEK)
    {
      /* Peek at a justed opened file.  Use this only directly after a
       * file has been opened for reading.  Don't use it after you did
       * a seek.  This works only if just file filter has been
       * pushed.  Expects a buffer wit size INTVAL at PTRVAL and returns
       * the number of bytes put into the buffer.  */
      if (DBG_IOBUF)
 	log_debug ("iobuf-%d.%d: ioctl '%s' peek\n",
 		   a ? a->no : -1, a ? a->subno : -1, iobuf_desc (a, desc));
      if (a->filter == file_filter && ptrval && intval)
        {
          file_filter_ctx_t *fcx = a->filter_ov;
          size_t len = intval;
          if (!file_filter (fcx, IOBUFCTRL_PEEK, NULL, ptrval, &len))
            return (int)len;
        }
    }
  return -1;
@ -1755,13 +1853,13 @@ iobuf_pop_filter (iobuf_t a, int (*f) (void *opaque, int control,
  if (a->use == IOBUF_INPUT_TEMP || a->use == IOBUF_OUTPUT_TEMP)
    {
      /* This should be the last filter in the pipeline.  */
-      assert (! a->chain);
+      log_assert (! a->chain);
      return 0;
    }
  if (!a->filter)
    {				/* this is simple */
      b = a->chain;
-      assert (b);
+      log_assert (b);
      xfree (a->d.buf);
      xfree (a->real_fname);
      memcpy (a, b, sizeof *a);
@ -1856,14 +1954,14 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
       buffer.  */
    return -1;
-  assert (a->use == IOBUF_INPUT);
+  log_assert (a->use == IOBUF_INPUT);
  a->e_d.used = 0;
  /* If there is still some buffered data, then move it to the start
     of the buffer and try to fill the end of the buffer.  (This is
     useful if we are called from iobuf_peek().)  */
-  assert (a->d.start <= a->d.len);
+  log_assert (a->d.start <= a->d.len);
  a->d.len -= a->d.start;
  if (a->d.len)
    memmove (a->d.buf, &a->d.buf[a->d.start], a->d.len);
@ -2027,7 +2125,7 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
 	}
    }
-  assert (a->d.start <= a->d.len);
+  log_assert (a->d.start <= a->d.len);
  if (a->e_d.used > 0)
    return 0;
  if (a->d.start < a->d.len)
@ -2107,7 +2205,7 @@ iobuf_readbyte (iobuf_t a)
      return -1;
    }
-  assert (a->d.start <= a->d.len);
+  log_assert (a->d.start <= a->d.len);
  if (a->nlimit && a->nbytes >= a->nlimit)
    return -1;			/* forced EOF */
@ -2119,7 +2217,7 @@ iobuf_readbyte (iobuf_t a)
  else if ((c = underflow (a, 1)) == -1)
    return -1;			/* EOF */
-  assert (a->d.start <= a->d.len);
+  log_assert (a->d.start <= a->d.len);
  /* Note: if underflow doesn't return EOF, then it returns the first
     byte that was read and advances a->d.start appropriately.  */
@ -2244,8 +2342,8 @@ iobuf_peek (iobuf_t a, byte * buf, unsigned buflen)
 {
  int n = 0;
-  assert (buflen > 0);
+  log_assert (buflen > 0);
-  assert (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP);
+  log_assert (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP);
  if (buflen > a->d.size)
    /* We can't peek more than we can buffer.  */
@ -2261,7 +2359,7 @@ iobuf_peek (iobuf_t a, byte * buf, unsigned buflen)
      /* Underflow consumes the first character (it's the return
 	 value).  unget() it by resetting the "file position".  */
-      assert (a->d.start == 1);
+      log_assert (a->d.start == 1);
      a->d.start = 0;
    }
@ -2296,7 +2394,7 @@ iobuf_writebyte (iobuf_t a, unsigned int c)
    if ((rc=filter_flush (a)))
      return rc;
-  assert (a->d.len < a->d.size);
+  log_assert (a->d.len < a->d.size);
  a->d.buf[a->d.len++] = c;
  return 0;
 }
@ -2397,8 +2495,8 @@ iobuf_writestr (iobuf_t a, const char *buf)
 int
 iobuf_write_temp (iobuf_t dest, iobuf_t source)
 {
-  assert (source->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP);
+  log_assert (source->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP);
-  assert (dest->use == IOBUF_OUTPUT || dest->use == IOBUF_OUTPUT_TEMP);
+  log_assert (dest->use == IOBUF_OUTPUT || dest->use == IOBUF_OUTPUT_TEMP);
  iobuf_flush_temp (source);
  return iobuf_write (dest, source->d.buf, source->d.len);
@ -2782,7 +2880,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
     NUL character in the buffer.  This requires at least 2 bytes.  We
     don't complicate the code by handling the stupid corner case, but
     simply assert that it can't happen.  */
-  assert (!buffer || length >= 2 || maxlen >= 2);
+  log_assert (!buffer || length >= 2 || maxlen >= 2);
  if (!buffer || length <= 1)
    /* must allocate a new buffer */
@ -2853,7 +2951,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
 	      /* p is pointing at the last byte in the buffer.  We
 		 always terminate the line with "\n\0" so overwrite
 		 the previous byte with a \n.  */
-	      assert (p > buffer);
+	      log_assert (p > buffer);
 	      p[-1] = '\n';
 	      /* Indicate truncation.  */
--- a/common/iobuf.h
+++ b/common/iobuf.h
@ -106,6 +106,7 @@ enum
    IOBUFCTRL_FLUSH     = 4,
    IOBUFCTRL_DESC	= 5,
    IOBUFCTRL_CANCEL    = 6,
    IOBUFCTRL_PEEK      = 7,
    IOBUFCTRL_USER	= 16
  };
@ -116,7 +117,8 @@ typedef enum
    IOBUF_IOCTL_KEEP_OPEN        = 1, /* Uses intval.  */
    IOBUF_IOCTL_INVALIDATE_CACHE = 2, /* Uses ptrval.  */
    IOBUF_IOCTL_NO_CACHE         = 3, /* Uses intval.  */
-    IOBUF_IOCTL_FSYNC            = 4  /* Uses ptrval.  */
+    IOBUF_IOCTL_FSYNC            = 4, /* Uses ptrval.  */
    IOBUF_IOCTL_PEEK             = 5  /* Uses intval and ptrval.  */
  } iobuf_ioctl_t;
 enum iobuf_use
--- a/common/mapstrings.c
+++ b/common/mapstrings.c
@ -154,6 +154,14 @@ map_static_macro_string (const char *string)
  membuf_t mb;
  char *p;
  /* We use a hack if we don't use the fixed gpgrt 1.47
   * (commit 885a287a57cf060b4c5b441822c09d23b8dee2bd) */
 #if GPGRT_VERSION_NUMBER < 0x012f00
  if (string && !strncmp (string, "Project-Id-Version:", 19)
      && strstr (string, "PO-Revision-Date:"))
    return "";
 #endif
  if ((s = already_mapped (string)))
    return s;
  s = string;
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@ -418,7 +418,7 @@ decode_c_string (const char *src)
 /* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
 * packet.  LEN should be at least 6.  */
 static int
-is_openpgp_compressed_packet (unsigned char *buf, size_t len)
+is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
 {
  int c, ctb, pkttype;
  int lenbytes;
@ -460,63 +460,64 @@ is_openpgp_compressed_packet (unsigned char *buf, size_t len)
 /*
- * Check if the file is compressed.
+ * Check if the file is compressed.  You need to pass the first bytes
 * of the file as (BUF,BUFLEN).  Returns true if the buffer seems to
 * be compressed.
 */
 int
-is_file_compressed (const char *s, int *ret_rc)
+is_file_compressed (const byte *buf, unsigned int buflen)
 {
    iobuf_t a;
    byte buf[6];
  int i;
    int rc = 0;
    int overflow;
-    struct magic_compress_s {
+  struct magic_compress_s
-        size_t len;
+  {
-        byte magic[4];
+    byte len;
-    } magic[] = {
+    byte extchk;
-        { 3, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
+    byte magic[5];
-        { 3, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
+  } magic[] =
-        { 4, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
+      {
       { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
       { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
       { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
       { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
       { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
       { 5, 2, { 0x89, 'P','N','G', 0x0d} }  /* Likely PNG */
  };
-    if ( iobuf_is_pipe_filename (s) || !ret_rc )
+  if ( buflen < 6 )
        return 0; /* We can't check stdin or no file was given */
    a = iobuf_open( s );
    if ( a == NULL ) {
        *ret_rc = gpg_error_from_syserror ();
        return 0;
    }
    iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL);
    if ( iobuf_get_filelength( a, &overflow ) < 6 && !overflow) {
        *ret_rc = 0;
        goto leave;
    }
    if ( iobuf_read( a, buf, 6 ) == -1 ) {
        *ret_rc = a->error;
        goto leave;
    }
    for ( i = 0; i < DIM( magic ); i++ ) {
        if ( !memcmp( buf, magic[i].magic, magic[i].len ) ) {
            *ret_rc = 0;
            rc = 1;
            goto leave;
        }
    }
    if (is_openpgp_compressed_packet (buf, 6))
    {
-        *ret_rc = 0;
+      return 0;  /* Too short to check - assume uncompressed.  */
        rc = 1;
    }
- leave:
+  for ( i = 0; i < DIM (magic); i++ )
-    iobuf_close( a );
+    {
-    return rc;
+      if (!memcmp( buf, magic[i].magic, magic[i].len))
        {
          switch (magic[i].extchk)
            {
            case 0:
              return 1; /* Is compressed.  */
            case 1:
              if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
                return 1; /* JFIF: this likely a compressed JPEG.  */
              break;
            case 2:
              if (buflen > 8
                  && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
                return 1; /* This is a PNG.  */
              break;
            default:
              break;
            }
        }
    }
  if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
    {
      return 1; /* Already compressed.  */
    }
  return 0;  /* Not detected as compressed.  */
 }
--- a/common/util.h
+++ b/common/util.h
@ -359,7 +359,7 @@ char *try_make_printable_string (const void *p, size_t n, int delim);
 char *make_printable_string (const void *p, size_t n, int delim);
 char *decode_c_string (const char *src);
-int is_file_compressed (const char *s, int *ret_rc);
+int is_file_compressed (const byte *buf, unsigned int buflen);
 int match_multistr (const char *multistr,const char *match);
--- a/common/w32info-rc.h.in
+++ b/common/w32info-rc.h.in
@ -29,4 +29,4 @@ built on @BUILD_HOSTNAME@ at @BUILD_TIMESTAMP@\0"
 #define W32INFO_PRODUCTVERSION "@VERSION@\0"
 #define W32INFO_LEGALCOPYRIGHT "Copyright \xa9 \
-2021 g10 Code GmbH\0"
+2023 g10 Code GmbH\0"
--- a/configure.ac
+++ b/configure.ac
@ -1,7 +1,7 @@
 # configure.ac - for GnuPG 2.1
 # Copyright (C) 1998-2019 Werner Koch
 # Copyright (C) 1998-2021 Free Software Foundation, Inc.
-# Copyright (C) 2003-2021 g10 Code GmbH
+# Copyright (C) 2003-2023 g10 Code GmbH
 #
 # This file is part of GnuPG.
 #
@ -28,8 +28,8 @@ min_automake_version="1.16.3"
 # another commit and push so that the git magic is able to work.
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
-m4_define([mym4_minor], [3])
+m4_define([mym4_minor], [4])
-m4_define([mym4_micro], [9])
+m4_define([mym4_micro], [1])
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release
@ -52,6 +52,7 @@ AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org])
 # When changing the SWDB tag please also adjust the hard coded tags in
 # build-aux/speedo.mk, build-aux/getswdb.sh, and Makefile.am
 # As well as the source info for the man pages.
 AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg24", [swdb tag for this branch])
 NEED_GPGRT_VERSION=1.46
@ -63,7 +64,7 @@ NEED_LIBASSUAN_API=2
 NEED_LIBASSUAN_VERSION=2.5.0
 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.3.4
+NEED_KSBA_VERSION=1.6.3
 NEED_NTBTLS_API=1
 NEED_NTBTLS_VERSION=0.1.0
@ -524,21 +525,7 @@ AH_BOTTOM([
 #define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
 #define GNUPG_CACHE_DIR         "cache.d"
-/* GnuPG has always been a part of the GNU project and thus we have
+#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2023 g10 Code GmbH"
 * shown the FSF as holder of the copyright.  We continue to do so for
 * the reason that without the FSF the free software used all over the
 * world would not have come into existence.  However, under Windows
 * we print a different copyright string with --version because the
 * copyright assignments of g10 Code and Werner Koch were terminated
 * many years ago, g10 Code is still the major contributor to the
 * code, and Windows is not an FSF endorsed platform.  Note that the
 * actual list of copyright holders can be found in the AUTHORS file.  */
 #ifdef HAVE_W32_SYSTEM
 #define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2021 g10 Code GmbH"
 #else
 #define GNUPG_DEF_COPYRIGHT_LINE \
        "Copyright (C) 2021 Free Software Foundation, Inc."
 #endif
 /* For some systems (DOS currently), we hardcode the path here.  For
   POSIX systems the values are constructed by the Makefiles, so that
@ -691,7 +678,6 @@ try_gettext=yes
 require_iconv=yes
 have_dosish_system=no
 have_w32_system=no
 have_w32ce_system=no
 have_android_system=no
 use_simple_gettext=no
 mmap_needed=yes
@ -710,15 +696,7 @@ case "${host}" in
        have_w32_system=yes
        require_iconv=no
        require_pipe_to_unblock_pselect=no
-        case "${host}" in
+        AC_DEFINE(HAVE_DRIVE_LETTERS,1, [Defined if the OS supports drive letters.])
          *-mingw32ce*)
            have_w32ce_system=yes
            ;;
          *)
            AC_DEFINE(HAVE_DRIVE_LETTERS,1,
                      [Defined if the OS supports drive letters.])
            ;;
        esac
        try_gettext="no"
 	use_simple_gettext=yes
 	mmap_needed=no
@ -803,13 +781,9 @@ AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes)
 if test "$have_w32_system" = yes; then
   AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
   if test "$have_w32ce_system" = yes; then
      AC_DEFINE(HAVE_W32CE_SYSTEM,1,[Defined if we run on WindowsCE])
   fi
   AC_CHECK_HEADERS([winsock2.h])
 fi
 AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
 AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes)
 if test "$have_android_system" = yes; then
   AC_DEFINE(HAVE_ANDROID_SYSTEM,1, [Defined if we build for an Android system])
@ -1273,9 +1247,6 @@ AC_DEFINE_UNQUOTED(NAME_OF_SENDMAIL,"$SENDMAIL",
 # Construct a printable name of the OS
 #
 case "${host}" in
    *-mingw32ce*)
        PRINTABLE_OS_NAME="W32CE"
        ;;
    *-mingw32*)
        PRINTABLE_OS_NAME="MingW32"
        ;;
@ -1575,11 +1546,7 @@ GNUPG_CHECK_GNUMAKE
 # requiring any network stuff but linking to code in libcommon which
 # tracks in winsock stuff (e.g. init_common_subsystems).
 if test "$have_w32_system" = yes; then
   if test "$have_w32ce_system" = yes; then
     W32SOCKLIBS="-lws2"
   else
   W32SOCKLIBS="-lws2_32"
   fi
   NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
 fi
@ -2064,16 +2031,6 @@ if test "$have_ksba" = "no"; then
 *** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
 ***]])
 fi
 if test "$gnupg_have_ldap" = yes; then
  if test "$have_w32ce_system" = yes; then
    AC_MSG_NOTICE([[
 *** Note that CeGCC might be broken, a package fixing this is:
 ***    http://files.kolab.org/local/windows-ce/
 ***                           source/wldap32_0.1-mingw32ce.orig.tar.gz
 ***                           binary/wldap32-ce-arm-dev_0.1-1_all.deb
 ***]])
   fi
 fi
 if test "$have_npth" = "no"; then
    die=yes
    AC_MSG_NOTICE([[
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@ -93,7 +93,7 @@ dirmngr_LDADD = $(libcommonpth) \
 if USE_LDAP
 dirmngr_LDADD += $(ldaplibs) $(LBER_LIBS)
 endif
-dirmngr_LDFLAGS = $(extra_bin_ldflags)
+dirmngr_LDFLAGS =
 if USE_LDAP
 dirmngr_ldap_SOURCES = dirmngr_ldap.c ldap-misc.c ldap-misc.h $(ldap_url)
@ -108,7 +108,7 @@ dirmngr_client_SOURCES = dirmngr-client.c
 dirmngr_client_LDADD = $(libcommon) \
                       $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
                       $(LIBGCRYPT_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV)
-dirmngr_client_LDFLAGS = $(extra_bin_ldflags)
+dirmngr_client_LDFLAGS =
 t_common_src = t-support.h t-support.c
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@ -886,7 +886,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 /* This function is called after option parsing to adjust some values
 * and call option setup functions.  */
 static void
-post_option_parsing (void)
+post_option_parsing (enum cmd_and_opt_values cmd)
 {
  /* It would be too surpirsing if the quick timeout is larger than
   * the standard value.  */
@ -894,6 +894,18 @@ post_option_parsing (void)
    opt.connect_quick_timeout = opt.connect_timeout;
  set_debug ();
  /* For certain commands we do not want to set/test for Tor mode
   * because that is somewhat expensive.  */
  switch (cmd)
    {
    case aGPGConfList:
    case aGPGConfTest:
    case aGPGConfVersions:
      break;
    default:
      set_tor_mode ();
      break;
    }
 }
@ -1214,12 +1226,7 @@ main (int argc, char **argv)
      log_printf ("\n");
    }
-  /* Note that we do not run set_tor_mode in --gpgconf-list mode
+  post_option_parsing (cmd);
   * because it will attempt to connect to the tor client and that can
   * be time consuming.  */
  post_option_parsing ();
  if (cmd != aGPGConfTest && cmd != aGPGConfList && cmd != aGPGConfVersions)
    set_tor_mode ();
  /* Get LDAP server list from file unless --ldapserver has been used.  */
 #if USE_LDAP
@ -1965,7 +1972,7 @@ reread_configuration (void)
    }
  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
  xfree (twopart);
-  post_option_parsing ();
+  post_option_parsing (0);
 finish:
  /* Get a default log file from common.conf.  */
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@ -650,10 +650,13 @@ check_signature (ctrl_t ctrl,
 /* Check whether the certificate either given by fingerprint CERT_FPR
   or directly through the CERT object is valid by running an OCSP
   transaction.  With FORCE_DEFAULT_RESPONDER set only the configured
-   default responder is used. */
+   default responder is used.  If R_REVOKED_AT or R_REASON are not
   NULL and the certificat has been revoked the revocation time and
   the reasons are stored there. */
 gpg_error_t
 ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
-              int force_default_responder)
+              int force_default_responder, ksba_isotime_t r_revoked_at,
              const char **r_reason)
 {
  gpg_error_t err;
  ksba_ocsp_t ocsp = NULL;
@ -672,6 +675,12 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
  char *oid;
  ksba_name_t name;
  fingerprint_list_t default_signer = NULL;
  const char *sreason;
  if (r_revoked_at)
    *r_revoked_at = 0;
  if (r_reason)
    *r_reason = NULL;
  /* Get the certificate.  */
  if (cert)
@ -842,8 +851,36 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
                      more important message than the failure of our
                      cache. */
        }
    }
      switch (reason)
        {
        case KSBA_CRLREASON_UNSPECIFIED:
          sreason = "unspecified"; break;
        case KSBA_CRLREASON_KEY_COMPROMISE:
          sreason = "key compromise"; break;
        case KSBA_CRLREASON_CA_COMPROMISE:
          sreason = "CA compromise"; break;
        case KSBA_CRLREASON_AFFILIATION_CHANGED:
          sreason = "affiliation changed"; break;
        case KSBA_CRLREASON_SUPERSEDED:
          sreason = "superseded"; break;
        case KSBA_CRLREASON_CESSATION_OF_OPERATION:
          sreason = "cessation of operation"; break;
        case KSBA_CRLREASON_CERTIFICATE_HOLD:
          sreason = "certificate on hold"; break;
        case KSBA_CRLREASON_REMOVE_FROM_CRL:
          sreason = "removed from CRL"; break;
        case KSBA_CRLREASON_PRIVILEGE_WITHDRAWN:
          sreason = "privilege withdrawn"; break;
        case KSBA_CRLREASON_AA_COMPROMISE:
          sreason = "AA compromise"; break;
        case KSBA_CRLREASON_OTHER:
          sreason = "other"; break;
        default: sreason = "?"; break;
        }
    }
  else
    sreason = "";
  if (opt.verbose)
    {
@ -855,29 +892,19 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
                this_update, next_update);
      if (status == KSBA_STATUS_REVOKED)
        log_info (_("certificate has been revoked at: %s due to: %s\n"),
-                  revocation_time,
+                  revocation_time, sreason);
                  reason == KSBA_CRLREASON_UNSPECIFIED?   "unspecified":
                  reason == KSBA_CRLREASON_KEY_COMPROMISE? "key compromise":
                  reason == KSBA_CRLREASON_CA_COMPROMISE?   "CA compromise":
                  reason == KSBA_CRLREASON_AFFILIATION_CHANGED?
                                                      "affiliation changed":
                  reason == KSBA_CRLREASON_SUPERSEDED?   "superseded":
                  reason == KSBA_CRLREASON_CESSATION_OF_OPERATION?
                                                  "cessation of operation":
                  reason == KSBA_CRLREASON_CERTIFICATE_HOLD?
                                                  "certificate on hold":
                  reason == KSBA_CRLREASON_REMOVE_FROM_CRL?
                                                  "removed from CRL":
                  reason == KSBA_CRLREASON_PRIVILEGE_WITHDRAWN?
                                                  "privilege withdrawn":
                  reason == KSBA_CRLREASON_AA_COMPROMISE? "AA compromise":
                  reason == KSBA_CRLREASON_OTHER?   "other":"?");
    }
  if (status == KSBA_STATUS_REVOKED)
    {
      err = gpg_error (GPG_ERR_CERT_REVOKED);
      if (r_revoked_at)
        gnupg_copy_time (r_revoked_at, revocation_time);
      if (r_reason)
        *r_reason = sreason;
    }
  else if (status == KSBA_STATUS_UNKNOWN)
    err = gpg_error (GPG_ERR_NO_DATA);
  else if (status != KSBA_STATUS_GOOD)
--- a/dirmngr/ocsp.h
+++ b/dirmngr/ocsp.h
@ -23,7 +23,9 @@
 #define OCSP_H
 gpg_error_t ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
-                          int force_default_responder);
+                          int force_default_responder,
                          gnupg_isotime_t r_revoked_at,
                          const char **r_reason);
 /* Release the list of OCSP certificates hold in the CTRL object. */
 void release_ctrl_ocsp_certs (ctrl_t ctrl);
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@ -1310,6 +1310,9 @@ cmd_isvalid (assuan_context_t ctx, char *line)
 again:
  if (ocsp_mode)
    {
      gnupg_isotime_t revoked_at;
      const char *reason;
      /* Note, that we currently ignore the supplied fingerprint FPR;
       * instead ocsp_isvalid does an inquire to ask for the cert.
       * The fingerprint may eventually be used to lookup the
@ -1317,7 +1320,12 @@ cmd_isvalid (assuan_context_t ctx, char *line)
      if (!opt.allow_ocsp)
        err = gpg_error (GPG_ERR_NOT_SUPPORTED);
      else
-        err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder);
+        err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder,
                            revoked_at, &reason);
      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED)
        dirmngr_status_printf (ctrl, "REVOCATIONINFO", "%s %s",
                               revoked_at, reason);
      if (gpg_err_code (err) == GPG_ERR_CONFIGURATION
          && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR)
@ -1512,6 +1520,8 @@ cmd_checkocsp (assuan_context_t ctx, char *line)
  unsigned char fprbuffer[20], *fpr;
  ksba_cert_t cert;
  int force_default_responder;
  gnupg_isotime_t revoked_at;
  const char *reason;
  force_default_responder = has_option (line, "--force-default-responder");
  line = skip_options (line);
@ -1547,12 +1557,18 @@ cmd_checkocsp (assuan_context_t ctx, char *line)
        goto leave;
    }
-  assert (cert);
+  log_assert (cert);
  if (!opt.allow_ocsp)
    err = gpg_error (GPG_ERR_NOT_SUPPORTED);
  else
-    err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder);
+    err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder,
                        revoked_at, &reason);
  if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED)
    dirmngr_status_printf (ctrl, "REVOCATIONINFO", "%s %s",
                           revoked_at, reason);
 leave:
  ksba_cert_release (cert);
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -22,18 +22,9 @@ AM_CPPFLAGS =
 include $(top_srcdir)/am/cmacros.am
 examples = examples/README examples/scd-event examples/trustlist.txt	\
-	   examples/VS-NfD.prf examples/Automatic.prf                   \
+           examples/qualified.txt                                       \
           examples/debug.prf  examples/qualified.txt                   \
 	   examples/common.conf                                         \
           examples/gpgconf.rnames examples/gpgconf.conf                \
 	   examples/systemd-user/README 				\
 	   examples/systemd-user/dirmngr.service 			\
 	   examples/systemd-user/dirmngr.socket				\
 	   examples/systemd-user/gpg-agent.service 			\
 	   examples/systemd-user/gpg-agent.socket 			\
 	   examples/systemd-user/gpg-agent-ssh.socket 			\
 	   examples/systemd-user/gpg-agent-browser.socket		\
 	   examples/systemd-user/gpg-agent-extra.socket 		\
 	   examples/pwpattern.list
 helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt		\
@ -44,8 +35,6 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt		\
            help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt		\
            help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
 profiles =
 EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
 	     gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
 	     gnupg-module-overview.png gnupg-module-overview.pdf \
@ -61,7 +50,7 @@ BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \
 info_TEXINFOS = gnupg.texi
-dist_pkgdata_DATA =  $(helpfiles) $(profiles)
+dist_pkgdata_DATA =  $(helpfiles)
 nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \
                       $(examples)
@ -85,7 +74,7 @@ DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
 AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css
 YAT2M_OPTIONS = -I $(srcdir) \
-        --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 2.3"
+        --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 2.4"
 myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
 	        dirmngr.texi scdaemon.texi tools.texi wks.texi \
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@ -311,16 +311,16 @@ Use @var{name} as your keyserver.  This is the server that @command{gpg}
 communicates with to receive keys, send keys, and search for
 keys.  The format of the @var{name} is a URI:
 `scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
-"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
+"hkp" for the HTTP (or compatible) keyservers or "ldap" for the LDAP
-keyservers, or "mailto" for the Graff email keyserver. Note that your
+keyservers. Note that your particular installation of GnuPG may have
-particular installation of GnuPG may have other keyserver types
+other keyserver types available as well. Keyserver schemes are
-available as well. Keyserver schemes are case-insensitive. After the
+case-insensitive. After the keyserver name, optional keyserver
-keyserver name, optional keyserver configuration options may be
+configuration options may be provided.  These are the same as the
-provided.  These are the same as the @option{--keyserver-options} of
+@option{--keyserver-options} of @command{gpg}, but apply only to this
-@command{gpg}, but apply only to this particular keyserver.
+particular keyserver.
-Most keyservers synchronize with each other, so there is generally no
+Some keyservers synchronize with each other, so there is not always a
-need to send keys to more than one server. Somes keyservers use round
+need to send keys to more than one server. Some keyservers use round
 robin DNS to give a different keyserver each time you use it.
 If exactly two keyservers are configured and only one is a Tor hidden
@ -751,7 +751,7 @@ allow-ocsp
 To make sure that new options are read or that after the installation
 of a new GnuPG versions the right dirmngr version is running, you
 should kill an existing dirmngr so that a new instance is started as
-needed by the otehr components:
+needed by the other components:
@example
 gpgconf --kill dirmngr
--- a/doc/examples/README
+++ b/doc/examples/README
@ -8,8 +8,6 @@ trustlist.txt   A list of trustworthy root certificates
 gpgconf.conf    A sample configuration file for gpgconf.
 systemd-user    Sample files for a Linux-only init system.
 qualified.txt   Sample file for qualified.txt.
 common.conf     Sample file for common options.
--- a/doc/examples/VS-NfD.prf
+++ b/doc/examples/VS-NfD.prf
@ -1,24 +0,0 @@
 # VS-NfD.prf - Configure options for the VS-NfD mode           -*- conf -*-
 #
 # The options for each tool are configured in a section ("[TOOL]");
 # see the respective man page for a description of these options and
 # the gpgconf manpage for a description of this file's syntax.
 [gpg]
 compliance de-vs
 [gpgsm]
 compliance de-vs
 enable-crl-checks
 [gpg-agent]
 default-cache-ttl 900
 max-cache-ttl 3600
 no-allow-mark-trusted
 no-allow-external-cache
 enforce-passphrase-constraints
 min-passphrase-len 9
 min-passphrase-nonalpha 0
 [dirmngr]
 allow-ocsp
--- a/doc/examples/debug.prf
+++ b/doc/examples/debug.prf
@ -1,29 +0,0 @@
 # debug.prf - Configure options for easier debugging       -*- conf -*-
 #
 # Note that the actual debug options for each component need to be set
 # manually.  Running the component with "--debug help" shows a list of
 # supported values.  To watch the logs this command can be used:
 #
 #   watchgnupg --time-only --force $(gpgconf --list-dirs socketdir)/S.log
 #
 [gpg]
 log-file socket://
 verbose
 #debug ipc
 [gpgsm]
 log-file socket://
 verbose
 #debug ipc
 [gpg-agent]
 log-file socket://
 verbose
 #debug ipc
 #debug-pinentry
 [dirmngr]
 log-file socket://
 verbose
 #debug ipc,dns
--- a/doc/examples/gpgconf.conf
+++ b/doc/examples/gpgconf.conf
@ -1,5 +1,9 @@
 # gpgconf.conf - configuration for gpgconf
 #----------------------------------------------------------------------
 #
 # === The use of this feature is deprecated ===
 # == Please use the more powerful global options. ==
 #
 # This file is read by gpgconf(1) to setup defaults for all or
 # specified users and groups.  It may be used to change the hardwired
 # defaults in gpgconf and to enforce certain values for the various
--- a/doc/examples/systemd-user/README
+++ b/doc/examples/systemd-user/README
@ -1,66 +0,0 @@
 Socket-activated dirmngr and gpg-agent with systemd
 ===================================================
 When used on a GNU/Linux system supervised by systemd, you can ensure
 that the GnuPG daemons dirmngr and gpg-agent are launched
 automatically the first time they're needed, and shut down cleanly at
 session logout.  This is done by enabling user services via
 socket-activation.
 System distributors
 -------------------
 The *.service and *.socket files (from this directory) should be
 placed in /usr/lib/systemd/user/ alongside other user-session services
 and sockets.
 To enable socket-activated dirmngr for all accounts on the system,
 use:
    systemctl --user --global enable dirmngr.socket
 To enable socket-activated gpg-agent for all accounts on the system,
 use:
    systemctl --user --global enable gpg-agent.socket
 Additionally, you can enable socket-activated gpg-agent ssh-agent
 emulation for all accounts on the system with:
    systemctl --user --global enable gpg-agent-ssh.socket
 You can also enable restricted ("--extra-socket"-style) gpg-agent
 sockets for all accounts on the system with:
    systemctl --user --global enable gpg-agent-extra.socket
 Individual users
 ----------------
 A user on a system with systemd where this has not been installed
 system-wide can place these files in ~/.config/systemd/user/ to make
 them available.
 If a given service isn't installed system-wide, or if it's installed
 system-wide but not globally enabled, individual users will still need
 to enable them.  For example, to enable socket-activated dirmngr for
 all future sessions:
    systemctl --user enable dirmngr.socket
 To enable socket-activated gpg-agent with ssh support, do:
    systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
 These changes won't take effect until your next login after you've
 fully logged out (be sure to terminate any running daemons before
 logging out).
 If you'd rather try a socket-activated GnuPG daemon in an
 already-running session without logging out (with or without enabling
 it for all future sessions), kill any existing daemon and start the
 user socket directly.  For example, to set up socket-activated dirmgnr
 in the current session:
    gpgconf --kill dirmngr
    systemctl --user start dirmngr.socket
--- a/doc/examples/systemd-user/dirmngr.service
+++ b/doc/examples/systemd-user/dirmngr.service
@ -1,8 +0,0 @@
 [Unit]
 Description=GnuPG network certificate management daemon
 Documentation=man:dirmngr(8)
 Requires=dirmngr.socket
 [Service]
 ExecStart=/usr/bin/dirmngr --supervised
 ExecReload=/usr/bin/gpgconf --reload dirmngr
--- a/doc/examples/systemd-user/dirmngr.socket
+++ b/doc/examples/systemd-user/dirmngr.socket
@ -1,11 +0,0 @@
 [Unit]
 Description=GnuPG network certificate management daemon
 Documentation=man:dirmngr(8)
 [Socket]
 ListenStream=%t/gnupg/S.dirmngr
 SocketMode=0600
 DirectoryMode=0700
 [Install]
 WantedBy=sockets.target
--- a/doc/examples/systemd-user/gpg-agent-browser.socket
+++ b/doc/examples/systemd-user/gpg-agent-browser.socket
@ -1,13 +0,0 @@
 [Unit]
 Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
 Documentation=man:gpg-agent(1)
 [Socket]
 ListenStream=%t/gnupg/S.gpg-agent.browser
 FileDescriptorName=browser
 Service=gpg-agent.service
 SocketMode=0600
 DirectoryMode=0700
 [Install]
 WantedBy=sockets.target
--- a/doc/examples/systemd-user/gpg-agent-extra.socket
+++ b/doc/examples/systemd-user/gpg-agent-extra.socket
@ -1,13 +0,0 @@
 [Unit]
 Description=GnuPG cryptographic agent and passphrase cache (restricted)
 Documentation=man:gpg-agent(1)
 [Socket]
 ListenStream=%t/gnupg/S.gpg-agent.extra
 FileDescriptorName=extra
 Service=gpg-agent.service
 SocketMode=0600
 DirectoryMode=0700
 [Install]
 WantedBy=sockets.target
--- a/doc/examples/systemd-user/gpg-agent-ssh.socket
+++ b/doc/examples/systemd-user/gpg-agent-ssh.socket
@ -1,13 +0,0 @@
 [Unit]
 Description=GnuPG cryptographic agent (ssh-agent emulation)
 Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
 [Socket]
 ListenStream=%t/gnupg/S.gpg-agent.ssh
 FileDescriptorName=ssh
 Service=gpg-agent.service
 SocketMode=0600
 DirectoryMode=0700
 [Install]
 WantedBy=sockets.target
--- a/doc/examples/systemd-user/gpg-agent.service
+++ b/doc/examples/systemd-user/gpg-agent.service
@ -1,8 +0,0 @@
 [Unit]
 Description=GnuPG cryptographic agent and passphrase cache
 Documentation=man:gpg-agent(1)
 Requires=gpg-agent.socket
 [Service]
 ExecStart=/usr/bin/gpg-agent --supervised
 ExecReload=/usr/bin/gpgconf --reload gpg-agent
--- a/doc/examples/systemd-user/gpg-agent.socket
+++ b/doc/examples/systemd-user/gpg-agent.socket
@ -1,12 +0,0 @@
 [Unit]
 Description=GnuPG cryptographic agent and passphrase cache
 Documentation=man:gpg-agent(1)
 [Socket]
 ListenStream=%t/gnupg/S.gpg-agent
 FileDescriptorName=std
 SocketMode=0600
 DirectoryMode=0700
 [Install]
 WantedBy=sockets.target
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -175,7 +175,7 @@ listening sockets.  This option is deprecated and not supported on
 Windows.
 If in @file{common.conf} the option @option{no-autostart} is set, any
-start attemps will be ignored.
+start attempts will be ignored.
 In --supervised mode, different file descriptors can be provided for
 use as different socket types (e.g. ssh, extra) as long as they are
--- a/doc/gpg-card.texi
+++ b/doc/gpg-card.texi
@ -153,7 +153,7 @@ Command completion in the interactive mode is also supported.
@item AUTHENTICATE [--setkey] [--raw] [< @var{file}]|@var{key}]
@itemx AUTH
@opindex authenticate
-Authenticate to the card.  Perform a mutual autentication either by
+Authenticate to the card.  Perform a mutual authentication either by
 reading the key from @var{file} or by taking it from the command line
 as @var{key}.  Without the option @option{--raw} the key is expected
 to be hex encoded.  To install a new administration key
@ -242,7 +242,7 @@ a @var{pinref} a menu is presented for certain cards."  In
 non-interactive mode and without a @var{pinref} a default value i used
 for these cards.  The option @option{--reset} is used with TCOS cards
 to reset the PIN using the PUK or vice versa; the option
-@var{--nullpin} is used for these cards to set the intial PIN.
+@var{--nullpin} is used for these cards to set the initial PIN.
@item PRIVATEDO [--clear] @var{n} [< @var{file}]
@opindex privatedo
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -616,7 +616,7 @@ Emit @var{count} random bytes of the given quality level 0, 1 or 2. If
@var{count} is not given or zero, an endless sequence of random bytes
 will be emitted.  If used with @option{--armor} the output will be
 base64 encoded.  The special level 16 uses a quality level of 1 and
-outpust end endless stream of hex-encoded octets.  The special level
+outputs an endless stream of hex-encoded octets.  The special level
 30 outputs random as 30 zBase-32 characters.
@item --gen-prime @var{mode}  @var{bits}
@ -635,11 +635,11 @@ The @option{--dearmor} command can also be used to dearmor PEM armors.
@item --unwrap
@opindex unwrap
-This command is similar to @option{--decrypt} with the change that the
+This command is similar to @option{--decrypt} with the difference that the
 output is not the usual plaintext but the original message with the
-decryption layer removed.  Thus the output will be an OpenPGP data
+encryption layer removed.  Thus the output will be an OpenPGP data
 structure which often means a signed OpenPGP message.  Note that this
-command may or may not remove a compression layer which is often found
+option may or may not remove a compression layer which is often found
 beneath the encryption layer.
@item --tofu-policy @{auto|good|unknown|bad|ask@}  @var{keys}
@ -860,9 +860,10 @@ line.
  @opindex keyedit:tsign
  Make a trust signature. This is a signature that combines the notions
  of certification (like a regular signature), and trust (like the
-  "trust" command). It is generally only useful in distinct communities
+  "trust" command). It is generally useful in distinct communities
-  or groups.  For more information please read the sections
+  or groups to implement the concept of a Trusted Introducer.  For
-  ``Trust Signature'' and ``Regular Expression'' in RFC-4880.
+  more information please read the sections ``Trust Signature'' and
  ``Regular Expression'' in RFC-4880.
@end table
@c man:.RS
@ -1341,7 +1342,7 @@ Assume "no" on most questions.  Should not be used in an option file.
@item --list-filter @{select=@var{expr}@}
@opindex list-filter
 A list filter can be used to output only certain keys during key
-listsin command. For the availbale property names, see the description
+listing commands. For the available property names, see the description
 of @option{--import-filter}.
@ -1658,6 +1659,16 @@ for the BZIP2 compression algorithm (defaulting to 6 as well). This is a
 different option from @option{--compress-level} since BZIP2 uses a
 significant amount of memory for each additional compression level.
@option{-z} sets both. A value of 0 for @var{n} disables compression.
 A value of -1 forces compression using the default level.
 Except for the @option{--store} command compression is always used
 unless @command{gpg} detects that the input is already compressed.  To
 inhibit the use of compression use @option{-z0}; to force compression
 use @option{-z-1} or option @option{z} with another compression level
 than the default as indicated by -1.  Note that this overriding of the
 default deection works only with @option{z} and not with the long
 variant of this option.
@item --bzip2-decompress-lowmem
@opindex bzip2-decompress-lowmem
@ -1754,7 +1765,8 @@ Set what trust model GnuPG should follow. The models are:
  @item tofu
  @opindex trust-model:tofu
  @anchor{trust-model-tofu}
-  TOFU stands for Trust On First Use.  In this trust model, the first
+  TOFU stands for Trust On First Use.  In this experimental trust
  model, the first
  time a key is seen, it is memorized.  If later another key with a
  user id with the same email address is seen, both keys are marked as
  suspect.  In that case, the next time either is used, a warning is
@ -1803,7 +1815,8 @@ Set what trust model GnuPG should follow. The models are:
  @item tofu+pgp
  @opindex trust-model:tofu+pgp
-  This trust model combines TOFU with the Web of Trust.  This is done
+  This experimental trust model combines TOFU with the Web of Trust.
  This is done
  by computing the trust level for each model and then taking the
  maximum trust level where the trust levels are ordered as follows:
  @code{unknown < undefined < marginal < fully < ultimate < expired <
@ -2048,7 +2061,7 @@ are available for all keyserver types, some common options are:
 The default list of options is: "self-sigs-only, import-clean,
 repair-keys, repair-pks-subkey-bug, export-attributes". However, if
 the actual used source is an LDAP server "no-self-sigs-only" is
-assumed unless "self-sigs-only" has been explictly configured.
+assumed unless "self-sigs-only" has been explicitly configured.
@item --completes-needed @var{n}
@ -3546,13 +3559,7 @@ signatures made using SHA-1, those key signatures are considered
 invalid.  This options allows to override this restriction.
@item --override-compliance-check
-@opindex --override-compliance-check
+This was a temporary introduced option and has no more effect.
 The signature verification only allows the use of keys suitable in the
 current compliance mode.  If the compliance mode has been forced by a
 global option, there might be no way to check certain signature.  This
 option allows to override this and prints an extra warning in such a
 case.  This option is ignored in --batch mode so that no accidental
 unattended verification may happen.
@item --no-default-keyring
@opindex no-default-keyring
--- a/doc/wks.texi
+++ b/doc/wks.texi
@ -189,7 +189,9 @@ fields are (future versions may specify additional fields):
@itemx -o
@opindex output
 Write the created mail to @var{file} instead of stdout.  Note that the
-value @code{-} for @var{file} is the same as writing to stdout.
+value @code{-} for @var{file} is the same as writing to stdout.  If
 this option is used with the @option{--check} command and a key was
 found it is written to the given file.
@item --status-fd @var{n}
@opindex status-fd
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@ -47,9 +47,7 @@ endif
 # NB: We use noinst_ for gpg and gpgv so that we can install them with
 # the install-hook target under the name gpg2/gpgv2.
 noinst_PROGRAMS = gpg
 if !HAVE_W32CE_SYSTEM
 noinst_PROGRAMS += gpgv
 endif
 noinst_PROGRAMS += $(module_tests)
 if DISABLE_TESTS
 TESTS =
@ -173,12 +171,12 @@ LDADD =  $(needed_libs) ../common/libgpgrl.a \
         $(ZLIBS) $(LIBINTL) $(CAPLIBS)
 gpg_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
             $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
-	     $(LIBICONV) $(resource_objs) $(extra_sys_libs)
+	     $(LIBICONV) $(resource_objs)
-gpg_LDFLAGS = $(extra_bin_ldflags)
+gpg_LDFLAGS =
 gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
 	      $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
-	      $(LIBICONV) $(resource_objs) $(extra_sys_libs)
+	      $(LIBICONV) $(resource_objs)
-gpgv_LDFLAGS = $(extra_bin_ldflags)
+gpgv_LDFLAGS =
 t_common_ldadd =
--- a/g10/call-keyboxd.c
+++ b/g10/call-keyboxd.c
@ -106,7 +106,7 @@ gpg_keyboxd_deinit_session_data (ctrl_t ctrl)
              err = assuan_transact (kbl->ctx, "TRANSACTION commit",
                                     NULL, NULL, NULL, NULL, NULL, NULL);
              if (err)
-                log_error ("error commiting last transaction: %s\n",
+                log_error ("error committing last transaction: %s\n",
                            gpg_strerror (err));
              in_transaction = 0;
            }
--- a/g10/cipher-aead.c
+++ b/g10/cipher-aead.c
@ -295,9 +295,9 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size)
          size_t n1 = cfx->chunksize - (cfx->chunklen + cfx->buflen);
          finalize = 1;
          if (DBG_FILTER)
-            log_debug ("chunksize %"PRIu64" reached;"
+            log_debug ("chunksize %llu reached;"
                       " cur buflen=%zu using %zu of %zu\n",
-                       cfx->chunksize, cfx->buflen,
+                       (unsigned long long)cfx->chunksize, cfx->buflen,
                       n1, n);
          n = n1;
        }
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@ -675,8 +675,10 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len)
  /* Decrypt the buffer.  This first requires a loop to handle the
   * case when a chunk ends within the buffer.  */
  if (DBG_FILTER)
-    log_debug ("decrypt: chunklen=%"PRIu64" total=%"PRIu64" size=%zu len=%zu%s\n",
+    log_debug ("decrypt: chunklen=%llu total=%llu size=%zu len=%zu%s\n",
-               dfx->chunklen, dfx->total, size, len,
+               (unsigned long long)dfx->chunklen,
               (unsigned long long)dfx->total,
               size, len,
               dfx->eof_seen? " eof":"");
  while (len && dfx->chunklen + len >= dfx->chunksize)
@ -712,8 +714,8 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len)
      len -= n;
      if (DBG_FILTER)
-        log_debug ("ndecrypted: %zu (nchunk=%"PRIu64") bytes left: %zu at off=%zu\n",
+        log_debug ("ndecrypted: %zu (nchunk=%llu) bytes left: %zu at off=%zu\n",
-                   totallen, dfx->chunklen, len, off);
+                   totallen, (unsigned long long)dfx->chunklen, len, off);
      /* Check the tag.  */
      if (len < 16)
@ -794,8 +796,8 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len)
      dfx->chunklen += len;
      dfx->total += len;
      if (DBG_FILTER)
-        log_debug ("ndecrypted: %zu (nchunk=%"PRIu64")\n",
+        log_debug ("ndecrypted: %zu (nchunk=%llu)\n",
-                   totallen, dfx->chunklen);
+                   totallen, (unsigned long long)dfx->chunklen);
    }
  if (dfx->eof_seen)
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@ -1,7 +1,7 @@
 /* encrypt.c - Main encryption driver
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
 *               2006, 2009 Free Software Foundation, Inc.
- * Copyright (C) 2016 g10 Code GmbH
+ * Copyright (C) 2016, 2023 g10 Code GmbH
 *
 * This file is part of GnuPG.
 *
@ -17,6 +17,7 @@
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
 * SPDX-License-Identifier: GPL-3.0-or-later
 */
 #include <config.h>
@ -409,6 +410,8 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
  text_filter_context_t tfx;
  progress_filter_context_t *pfx;
  int do_compress = !!default_compress_algo();
  char peekbuf[32];
  int  peekbuflen;
  if (!gnupg_rng_is_compliant (opt.compliance))
    {
@ -445,6 +448,14 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
      return rc;
    }
  peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
  if (peekbuflen < 0)
    {
      peekbuflen = 0;
      if (DBG_FILTER)
        log_debug ("peeking at input failed\n");
    }
  handle_progress (pfx, inp, filename);
  if (opt.textmode)
@ -470,8 +481,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
      if (use_seskey && s2k->mode != 1 && s2k->mode != 3)
        {
          use_seskey = 0;
-          log_info (_("can't use a SKESK packet"
+          log_info (_("can't use a SKESK packet due to the S2K mode\n"));
                      "due to the S2K mode\n"));
        }
      /* See whether we want to use AEAD.  */
@ -510,10 +520,11 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
  if (do_compress
      && cfx.dek
      && (cfx.dek->use_mdc || cfx.dek->use_aead)
-      && is_file_compressed(filename, &rc))
+      && !opt.explicit_compress_option
      && is_file_compressed (peekbuf, peekbuflen))
    {
      if (opt.verbose)
-        log_info(_("'%s' already compressed\n"), filename);
+        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
      do_compress = 0;
    }
@ -781,6 +792,8 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
  progress_filter_context_t *pfx;
  PK_LIST pk_list;
  int do_compress;
  char peekbuf[32];
  int  peekbuflen;
  if (filefd != -1 && filename)
    return gpg_error (GPG_ERR_INV_ARG);  /* Both given.  */
@ -853,6 +866,14 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
  if (opt.verbose)
    log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp));
  peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
  if (peekbuflen < 0)
    {
      peekbuflen = 0;
      if (DBG_FILTER)
        log_debug ("peeking at input failed\n");
    }
  handle_progress (pfx, inp, filename);
  if (opt.textmode)
@ -885,10 +906,11 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
   * ciphertext attacks. */
  if (do_compress
      && (cfx.dek->use_mdc || cfx.dek->use_aead)
-      && is_file_compressed (filename, &rc2))
+      && !opt.explicit_compress_option
      && is_file_compressed (peekbuf, peekbuflen))
    {
      if (opt.verbose)
-        log_info(_("'%s' already compressed\n"), filename);
+        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
      do_compress = 0;
    }
  if (rc2)
--- a/g10/export.c
+++ b/g10/export.c
@ -2026,7 +2026,16 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
                                               hexgrip, pk, NULL);
              if (err)
                {
-                  if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
+                  /* If we receive a fully canceled error we stop
                   * immediately.  If we receive a cancel for a public
                   * key we also stop immediately because a
                   * public/secret key is always required first
                   * (right, we could instead write a stub key but
                   * that is also kind of surprising).  If we receive
                   * a subkey we skip to the next subkey.  */
                  if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED
                      || (node->pkt->pkttype == PKT_PUBLIC_KEY
                          && gpg_err_code (err) == GPG_ERR_CANCELED))
                    goto leave;
                  write_status_error ("export_keys.secret", err);
                  skip_until_subkey = 1;
@ -2455,7 +2464,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
  keydb_release (kdbhd);
  if (err || !keyblock_out)
    release_kbnode( keyblock );
-  if( !*any )
+  if( !*any && !opt.quiet)
    log_info (_("WARNING: nothing exported\n"));
  return err;
 }
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -360,7 +360,6 @@ enum cmd_and_opt_values
    oShowSessionKey,
    oOverrideSessionKey,
    oOverrideSessionKeyFD,
    oOverrideComplianceCheck,
    oNoRandomSeedFile,
    oAutoKeyRetrieve,
    oNoAutoKeyRetrieve,
@ -878,7 +877,6 @@ static gpgrt_opt_t opts[] = {
  ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
  ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
  ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
  ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
  ARGPARSE_header (NULL, N_("Options for unattended use")),
@ -972,6 +970,7 @@ static gpgrt_opt_t opts[] = {
  ARGPARSE_s_s (oNoop, "aead-algo", "@"),
  ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
  ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
  ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
  ARGPARSE_group (302, N_(
@ -3203,6 +3202,7 @@ main (int argc, char **argv)
 	  case oCompress:
 	    /* this is the -z command line option */
 	    opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
            opt.explicit_compress_option = 1;
 	    break;
 	  case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
 	  case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
@ -3665,10 +3665,6 @@ main (int argc, char **argv)
            opt.flags.allow_old_cipher_algos = 1;
            break;
          case oOverrideComplianceCheck:
            opt.flags.override_compliance_check = 1;
            break;
          case oFakedSystemTime:
            {
              size_t len = strlen (pargs.r.ret_str);
@ -3878,15 +3874,6 @@ main (int argc, char **argv)
 	g10_exit(2);
      }
    /* We allow overriding the compliance check only in non-batch mode
     * so that the user has a chance to see the message.  */
    if (opt.flags.override_compliance_check && opt.batch)
      {
        opt.flags.override_compliance_check = 0;
        log_info ("Note: '%s' ignored due to batch mode\n",
                  "--override-compliance-check");
      }
    set_debug (debug_level);
    if (opt.verbose) /* Print the compatibility flags.  */
      parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -2516,7 +2516,7 @@ check_sig_and_print (CTX c, kbnode_t node)
        }
      /* Compute compliance with CO_DE_VS.  */
-      if (pk && is_status_enabled ()
+      if (pk
          && gnupg_gcrypt_is_compliant (CO_DE_VS)
          && gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey,
                                    nbits_from_pk (pk), NULL)
--- a/g10/options.h
+++ b/g10/options.h
@ -98,6 +98,7 @@ struct
  int def_digest_algo;
  int cert_digest_algo;
  int compress_algo;
  int explicit_compress_option; /* A compress option was explicitly given. */
  int compress_level;
  int bz2_compress_level;
  int bz2_decompress_lowmem;
@ -244,7 +245,6 @@ struct
    unsigned int allow_old_cipher_algos:1;
    unsigned int allow_weak_digest_algos:1;
    unsigned int allow_weak_key_signatures:1;
    unsigned int override_compliance_check:1;
    unsigned int large_rsa:1;
    unsigned int disable_signer_uid:1;
    unsigned int include_key_block:1;
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -78,18 +78,11 @@ check_key_verify_compliance (PKT_public_key *pk)
                            NULL))
    {
      /* Compliance failure.  */
-      log_info (_("key %s may not be used for signing in %s mode\n"),
+      log_error (_("key %s may not be used for signing in %s mode\n"),
                 keystr_from_pk (pk),
                 gnupg_compliance_option_string (opt.compliance));
      if (opt.flags.override_compliance_check)
        log_info (_("continuing verification anyway due to option %s\n"),
                  "--override-compliance-failure");
      else
        {
          log_inc_errorcount (); /* We used log info above.  */
      err = gpg_error (GPG_ERR_PUBKEY_ALGO);
    }
    }
  return err;
 }
--- a/g10/sign.c
+++ b/g10/sign.c
@ -1037,6 +1037,9 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
  int multifile = 0;
  u32 duration=0;
  pt_extra_hash_data_t extrahash = NULL;
  char peekbuf[32];
  int  peekbuflen = 0;
  pfx = new_progress_context ();
  afx = new_armor_context ();
@ -1095,6 +1098,14 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
          goto leave;
 	}
      peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
      if (peekbuflen < 0)
        {
          peekbuflen = 0;
          if (DBG_FILTER)
            log_debug ("peeking at input failed\n");
        }
      handle_progress (pfx, inp, fname);
    }
@ -1251,8 +1262,14 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
    {
      int compr_algo = opt.compress_algo;
-      /* If not forced by user */
+      if (!opt.explicit_compress_option
-      if (compr_algo==-1)
+          && is_file_compressed (peekbuf, peekbuflen))
        {
          if (opt.verbose)
            log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]");
          compr_algo = 0;
        }
      else if (compr_algo==-1)
        {
          /* If we're not encrypting, then select_algo_from_prefs
           * will fail and we'll end up with the default.  If we are
--- a/kbx/Makefile.am
+++ b/kbx/Makefile.am
@ -37,12 +37,6 @@ else
 libexec_PROGRAMS =
 endif
 if HAVE_W32CE_SYSTEM
 extra_libs =  $(LIBASSUAN_LIBS)
 else
 extra_libs =
 endif
 common_libs = $(libcommon)
 commonpth_libs = $(libcommonpth)
@ -75,7 +69,7 @@ libkeybox509_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) -DKEYBOX
 kbxutil_SOURCES = kbxutil.c $(common_sources)
 kbxutil_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1
 kbxutil_LDADD   = $(common_libs) \
-                  $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(extra_libs) \
+                  $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \
                  $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) \
 		  $(NETLIBS)
@ -98,7 +92,7 @@ keyboxd_LDADD = $(commonpth_libs) \
 	        $(SQLITE3_LIBS) $(GPG_ERROR_LIBS) \
                $(LIBINTL) $(NETLIBS) $(LIBICONV) \
 		$(resource_objs)
-keyboxd_LDFLAGS = $(extra_bin_ldflags)
+keyboxd_LDFLAGS =
 keyboxd_DEPENDENCIES = $(resource_objs)
--- a/po/ca.po
+++ b/po/ca.po
@ -431,6 +431,14 @@ msgstr ""
 msgid "enable putty support"
 msgstr "no és suportat"
 # Gènere?  Nombre?  ivb
 # Werner FIXME: please add translator comment saying *what* is
 # uncompressed so we know the gender. jm
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "no és suportat"
 msgid "Options controlling the security"
 msgstr ""
@ -1921,8 +1929,9 @@ msgstr "AVÍS: %s és una opció desaconsellada.\n"
 msgid "error creating passphrase: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "no es pot usar un paquet asimètric ESK al estar en mode S2K\n"
 #, fuzzy, c-format
@ -2008,9 +2017,18 @@ msgstr "la clau secreta és inusable"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "genera un certificat de revocació"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2516,6 +2534,11 @@ msgstr "mostra en quin anell de claus està una clau llistada"
 msgid "show expiration dates during signature listings"
 msgstr "No hi ha cap signatura corresponent en l'anell secret\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "estableix la llista de preferències"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "el destinatari predeterminat és desconegut «%s»\n"
@ -2678,11 +2701,6 @@ msgstr "s'està escrivint la clau secreta a «%s»\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "l'algorisme de xifratge triat no és vàlid\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "l'algorisme de resum seleccionat no és vàlid\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "l'algorisme de xifratge triat no és vàlid\n"
@ -2728,11 +2746,6 @@ msgstr "les preferències per defecte són invàlides\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "les preferències personals de xifrat són invàlides\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "les preferències personals de xifrat són invàlides\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "les preferències personals de digest són invàlides\n"
@ -2750,10 +2763,6 @@ msgstr "la mida de la clau és invàlida; s'hi usaran %u bits\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s encara no funciona amb %s\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "no podeu usar l'algorisme de xifratge «%s» mentre esteu en mode %s\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "no podeu usar l'algorisme de compressió %s mentre esteu en mode %s\n"
@ -3980,18 +3989,6 @@ msgstr "error: l'empremta digital és invàlida\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "no s'ha trobat la clau «%s»: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Resum: "
 msgid "Features: "
 msgstr "Funcionalitats: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4852,6 +4849,18 @@ msgstr "Crear realment? "
 msgid "never     "
 msgstr "mai       "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Resum: "
 msgid "Features: "
 msgstr "Funcionalitats: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Política de signatura crítica: "
@ -9451,6 +9460,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "l'algorisme de resum seleccionat no és vàlid\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "les preferències personals de xifrat són invàlides\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr ""
 #~ "no podeu usar l'algorisme de xifratge «%s» mentre esteu en mode %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "forçar el xifrat asimètric %s (%d) viola les preferències del "
@ -11129,9 +11153,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "esborra signatures"
 #~ msgid "set preference list"
 #~ msgstr "estableix la llista de preferències"
 #~ msgid "updated preferences"
 #~ msgstr "preferències actualitzades"
--- a/po/cs.po
+++ b/po/cs.po
@ -28,6 +28,7 @@
 # action → způsob užití (klíče)
 # administrator → správce
 # cache → keš
 # compliance rules → pravidla normy
 # distribution point → místo distribuce
 # DP (distribution point (of CRL)) → DP
 # load → zavést
@ -37,9 +38,9 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: gnupg2 2.3.4\n"
+"Project-Id-Version: gnupg2 2.3.8\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2022-02-20 16:09+01:00\n"
+"PO-Revision-Date: 2022-11-13 14:21+01:00\n"
 "Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n"
 "Language-Team: Czech <gnupg-i18n@gnupg.org>\n"
 "Language: cs\n"
@ -296,10 +297,9 @@ msgstr "PIN nebyl zopakován správně; zkuste to znovu"
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Prosím, zadejte PIN%s%s%s, abyste odemkli kartu"
-#, fuzzy, c-format
+#, c-format
 #| msgid "error writing to %s: %s\n"
 msgid "error writing to pipe: %s\n"
-msgstr "chyba při zápisu do %s: %s\n"
+msgstr "chyba při zápisu do roury: %s\n"
 msgid "Enter new passphrase"
 msgstr "Vložte nové heslo"
@ -417,6 +417,9 @@ msgstr "|ALGORITMUS|ukazovat otisky SSH pomocí ALGORITMU"
 msgid "enable putty support"
 msgstr "zapnout podporu pro PuTTY"
 msgid "enable Win32-OpenSSH support"
 msgstr "zapnout podporu pro Win32-OpenSSH"
 msgid "Options controlling the security"
 msgstr "Volby ovlivňující bezpečnost"
@ -776,14 +779,9 @@ msgstr "Změním jej později"
 msgid "Please insert the card with serial number"
 msgstr "Prosím, vložte kartu se sériovým číslem"
-#, fuzzy, c-format
+#, c-format
 #| msgid ""
 #| "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want "
 #| "to allow this?"
 msgid "Requested the use of key%%0A  %s%%0A  %s%%0ADo you want to allow this?"
-msgstr ""
+msgstr "Vyžádáno použití klíče%%0A  %s%%0A  %s%%0APřejete si to povolit?"
 "Proces SSH si vyžádal použití klíče%%0A  %s%%0A  (%s)%%0APřejete si to "
 "povolit?"
 #, c-format
 msgid ""
@ -1810,7 +1808,7 @@ msgid "error creating passphrase: %s\n"
 msgstr "chyba při vytváření hesla: %s\n"
 #, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "v režimu S2K nelze použít symetrický ESK paket\n"
 #, c-format
@ -1849,10 +1847,9 @@ msgstr "zašifrováno pomocí %s/%s.%s pro: „%s“\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "volba „%s“ se nesmí používat v režimu %s\n"
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s.%s encrypted data\n"
 msgid "%s encrypted data\n"
-msgstr "data zašifrovaná pomocí %s.%s\n"
+msgstr "data zašifrovaná pomocí %s\n"
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
@ -1882,9 +1879,19 @@ msgstr "odstranit nepoužitelné části z klíče při exportu"
 msgid "remove as much as possible from key during export"
 msgstr "odstranit při exportu z klíče vše, co lze"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "vytvořit revokační certifikát"
 msgid "use the GnuPG key backup format"
 msgstr "použít záložní formát klíče GnuPG"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "exportování tajného klíče není povoleno\n"
 msgid " - skipped"
 msgstr " – přeskočeno"
@ -2329,6 +2336,11 @@ msgstr "ukazovat název souboru s klíči při výpisu klíčů"
 msgid "show expiration dates during signature listings"
 msgstr "ukazovat data expirace během výpisu podpisů"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "vypsat seznam předvoleb (pro experty)"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "neznámá TOFU politika „%s“\n"
@ -2484,10 +2496,6 @@ msgstr "nelze spustit s nebezpečnou pamětí vzhledem k %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "vybraný šifrovací algoritmus je neplatný\n"
 #, c-format
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "vybraný algoritmus AEAD je neplatný\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "vybraný kompresní algoritmus je neplatný\n"
@ -2536,10 +2544,6 @@ msgstr "neplatné implicitní předvolby\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "neplatné uživatelské předvolby pro šifrování\n"
 #, c-format
 msgid "invalid personal AEAD preferences\n"
 msgstr "neplatné uživatelské předvolby pro AEAD\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "neplatné uživatelské předvolby pro hashování\n"
@ -2556,10 +2560,6 @@ msgstr "neplatná velikost bloku – použije se %d\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s dosud není funkční s %s\n"
 #, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "AEAD algoritmus „%s“ se nesmí používat v režimu %s\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "kompresní algoritmus „%s“ se nesmí používat v režimu %s\n"
@ -3683,18 +3683,6 @@ msgstr "„%s“ není řádný otisk\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "podklíč „%s“ nenalezen\n"
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Hash: "
 msgid "Features: "
 msgstr "Vlastnosti: "
 msgid "Keyserver no-modify"
 msgstr "Keyserver bez modifikace"
 msgid "Preferred keyserver: "
 msgstr "Preferovaný keyserver: "
@ -3793,10 +3781,8 @@ msgstr "Jste si jistý, že jej chcete stále přidat? (a/N) "
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Neměli by jste přidávat fotografický ID k PGP2 klíči.\n"
 #, fuzzy
 #| msgid "Such a user ID already exists on this key!\n"
 msgid "Such a user ID already exists on this key!"
-msgstr "Takový identifikátor uživatele již u tohoto klíče existuje!\n"
+msgstr "Takový identifikátor uživatele již u tohoto klíče existuje!"
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Smazat tento dobrý podpis? (a/N/u)"
@ -4494,6 +4480,18 @@ msgstr "Opravdu vytvořit? (a/N) "
 msgid "never     "
 msgstr "nikdy     "
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Hash: "
 msgid "Features: "
 msgstr "Vlastnosti: "
 msgid "Keyserver no-modify"
 msgstr "Keyserver bez modifikace"
 msgid "Critical signature policy: "
 msgstr "Kritická podepisovací politika: "
@ -4759,7 +4757,7 @@ msgstr "dešifrování selhalo: %s\n"
 #, c-format
 msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
+msgstr "operace byla přinucena selhat, protože nebyla splněna pravidla normy\n"
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
@ -6816,7 +6814,7 @@ msgid "error getting key usage information: %s\n"
 msgstr "chyba při zjišťování informací o použití klíče: %s\n"
 msgid "Tor might be in use - network access is limited"
-msgstr ""
+msgstr "Možná se používá Tor – přístup k síti je omezen"
 #, c-format
 msgid "validation model requested by certificate: %s"
@ -8070,11 +8068,8 @@ msgstr "volání crl_cache_insert přes vydavatele selhalo: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "tabulka mapování čtenáře na soubor je plná – čeká se\n"
 # Poslední argument je název protokolu
 #, fuzzy
 #| msgid "CRL access not possible due to Tor mode\n"
 msgid "CRL access not possible due to Tor mode"
-msgstr "Přístup k CRL není možný kvůli režimu Tor\n"
+msgstr "Přístup k CRL není možný kvůli režimu Tor"
 # Poslední argument je název protokolu
 #, c-format
@ -8246,10 +8241,8 @@ msgstr "|URL|všechny HTTP požadavky přesměruje na URL"
 msgid "use system's HTTP proxy setting"
 msgstr "používat systémové nastavení HTTP proxy"
 #, fuzzy
 #| msgid "Configuration for HTTP servers"
 msgid "Configuration for OpenPGP servers"
-msgstr "Nastavení HTTP serverů"
+msgstr "Nastavení pro servery OpenPGP"
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|používat server klíčů na URL"
@ -8257,10 +8250,8 @@ msgstr "|URL|používat server klíčů na URL"
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|SOUBOR|pro HKP přes TLS použije certifikáty CA ze SOUBORU"
 #, fuzzy
 #| msgid "Configuration for HTTP servers"
 msgid "Configuration for X.509 servers"
-msgstr "Nastavení HTTP serverů"
+msgstr "Nastavení pro servery X.509"
 msgid "inhibit the use of LDAP"
 msgstr "zakáže použití LDAP"
@ -8491,10 +8482,8 @@ msgstr "chyba při čtení z odpovídače: %s\n"
 msgid "response from server too large; limit is %d bytes\n"
 msgstr "odpověď serveru je příliš velká, limit je %d bajtů\n"
 #, fuzzy
 #| msgid "OCSP request not possible due to Tor mode\n"
 msgid "OCSP request not possible due to Tor mode"
-msgstr "OCSP dotaz není možný kvůli režimu Tor\n"
+msgstr "OCSP dotaz není možný kvůli režimu Tor"
 #, c-format
 msgid "OCSP request not possible due to disabled HTTP\n"
@ -8955,6 +8944,15 @@ msgstr "Příkazy pro správu Yubikey"
 msgid "manage the command history"
 msgstr "spravuje historii příkazů"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "vybraný algoritmus AEAD je neplatný\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "neplatné uživatelské předvolby pro AEAD\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "AEAD algoritmus „%s“ se nesmí používat v režimu %s\n"
 #~ msgid "error writing to temporary file: %s\n"
 #~ msgstr "chyba při zápisu do dočasného souboru: %s\n"
--- a/po/da.po
+++ b/po/da.po
@ -453,6 +453,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr ""
 #, fuzzy
 #| msgid "enable ssh-agent emulation"
 msgid "enable Win32-OpenSSH support"
 msgstr "aktiver ssh-agent-emulering"
 msgid "Options controlling the security"
 msgstr "Tilvalg der kontrollerer sikkerheden"
@ -1963,8 +1968,9 @@ msgstr "ADVARSEL: »%s« er en forældet indstilling - den har ingen effekt\n"
 msgid "error creating passphrase: %s\n"
 msgstr "fejl ved oprettelse af adgangsfrase: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "kan ikke bruge en symmetrisk ESK-pakke på grund af S2K-tilstanden\n"
 #, fuzzy, c-format
@ -2045,9 +2051,19 @@ msgstr "fjern nøgledele der ikke kan bruges under eksport"
 msgid "remove as much as possible from key during export"
 msgstr "fjern så meget som muligt fra nøglen under eksport"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "opret et tilbagekaldscertifikat"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "eksport af hemmelige nøgler er ikke tilladt\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2554,6 +2570,11 @@ msgstr "vis nøgleringsnavnet i nøglevisninger"
 msgid "show expiration dates during signature listings"
 msgstr "vis udløbsdatoer under underskriftvisninger"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "vis præferencer (ekspert)"
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown TOFU policy '%s'\n"
@ -2718,11 +2739,6 @@ msgstr "vil ikke køre med usikker hukommelse på grund af %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "valgt chifferalgoritme er ugyldig\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "valgt sammendragsalgoritme er ugyldig\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "valgt komprimeringsalgoritme er ugyldig\n"
@ -2768,11 +2784,6 @@ msgstr "ugyldige standardpræferencer\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "ugyldige præferencer for personlig chiffer\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "ugyldige præferencer for personlig chiffer\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "ugyldige præferencer for personlig sammendrag\n"
@ -2790,11 +2801,6 @@ msgstr "nøglestørrelse er ugyldig; bruger %u bit\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s virker endnu ikke med %s\n"
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "du må ikke bruge chifferalgoritmen »%s« i tilstanden %s\n"
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm `%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
@ -3999,18 +4005,6 @@ msgstr "ugyldig fingeraftryk"
 msgid "subkey \"%s\" not found\n"
 msgstr "nøglen »%s« blev ikke fundet: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Sammendrag: "
 msgid "Features: "
 msgstr "Funktioner: "
 msgid "Keyserver no-modify"
 msgstr "Nøgleserver no-modify"
 msgid "Preferred keyserver: "
 msgstr "Fortrukken nøgleserver: "
@ -4863,6 +4857,18 @@ msgstr "Vil du virkelig oprette? (j/N) "
 msgid "never     "
 msgstr "aldrig    "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Sammendrag: "
 msgid "Features: "
 msgstr "Funktioner: "
 msgid "Keyserver no-modify"
 msgstr "Nøgleserver no-modify"
 msgid "Critical signature policy: "
 msgstr "Kritisk underskriftspolitik: "
@ -9663,6 +9669,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "valgt sammendragsalgoritme er ugyldig\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "ugyldige præferencer for personlig chiffer\n"
 #, fuzzy
 #~| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "du må ikke bruge chifferalgoritmen »%s« i tilstanden %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "tvang for symmetrisk chiffer %s (%d) overtræder modtagerens præferencer\n"
--- a/po/de.po
+++ b/po/de.po
@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-2.3.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2022-10-07 09:52+0200\n"
+"PO-Revision-Date: 2022-12-16 16:11+0100\n"
 "Last-Translator: Werner Koch <wk@gnupg.org>\n"
 "Language-Team: German <de@li.org>\n"
 "Language: de\n"
@ -397,6 +397,9 @@ msgstr "Verwende ALGO für SSH Fingerabdrücke"
 msgid "enable putty support"
 msgstr "PuTTY Unterstützung einschalten"
 msgid "enable Win32-OpenSSH support"
 msgstr "Win32-OpenSSH Unterstützung einschalten"
 msgid "Options controlling the security"
 msgstr "Optionen zur Einstellung der Sicherheit"
@ -1812,10 +1815,8 @@ msgid "error creating passphrase: %s\n"
 msgstr "Fehler beim Erzeugen des Passwortes: %s\n"
 #, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgid "can't use a SKESK packet due to the S2K mode\n"
-msgstr ""
+msgstr "Aufgrund des S2K-Modus kann ein SKESK Paket nicht benutzt werden\n"
 "Aufgrund des S2K-Modus kann ein symmetrisches ESK Paket nicht benutzt "
 "werden\n"
 #, c-format
 msgid "using cipher %s.%s\n"
@ -1886,9 +1887,15 @@ msgstr "Unbrauchbare Teile des Schlüssel während des Exports entfernen"
 msgid "remove as much as possible from key during export"
 msgstr "Während des Exports soviel wie möglich vom Schlüssel entfernen"
 msgid "export only revocation certificates"
 msgstr "Nur Schlüsselwiderruf-Zertifikate exportieren"
 msgid "use the GnuPG key backup format"
 msgstr "Das GnuPG Datensicherungsformat für Schlüssel benutzen"
 msgid "export secret keys using the GnuPG format"
 msgstr "Geheime Schlüssel im GnuPG Format exportieren"
 msgid " - skipped"
 msgstr " - übersprungen"
@ -2335,6 +2342,9 @@ msgstr "Anzeigen des Schlüsselbundes, in dem ein Schlüssel drin ist"
 msgid "show expiration dates during signature listings"
 msgstr "Das Ablaufdatum mit den Signaturen anlisten"
 msgid "show preferences"
 msgstr "Voreinstellungen anzeigen"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "Unbekannte TOFU Regel '%s'\n"
@ -2492,10 +2502,6 @@ msgstr "Startet nicht mit unsicherem Speicher, wegen Option %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n"
 #, c-format
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "Das ausgewählte AEAD-Verfahren ist ungültig\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "Das ausgewählte Komprimierungsverfahren ist ungültig\n"
@ -2540,10 +2546,6 @@ msgstr "ungültige Standard-Voreinstellungen\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "ungültige private Verschlüsselungsvoreinstellungen\n"
 #, c-format
 msgid "invalid personal AEAD preferences\n"
 msgstr "ungültige private AEAD-Voreinstellungen\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "ungültige private Hashvoreinstellungen\n"
@ -2560,10 +2562,6 @@ msgstr "Ungültige \"Chunk\"-Größe; %d wird verwendet\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s arbeitet noch nicht mit %s zusammen\n"
 #, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "Das AEAD-Verfahren %s darf im %s Modus nicht verwendet werden.\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
@ -3716,18 +3714,6 @@ msgstr "\"%s\" ist kein gültiger Fingerabdruck\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "Unterschlüssel \"%s\" nicht gefunden\n"
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Digest: "
 msgid "Features: "
 msgstr "Eigenschaften: "
 msgid "Keyserver no-modify"
 msgstr "Keyserver no-modify"
 msgid "Preferred keyserver: "
 msgstr "Bevorzugter Schlüsselserver:"
@ -4534,6 +4520,18 @@ msgstr "Wirklich erzeugen? (j/N) "
 msgid "never     "
 msgstr "niemals   "
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Digest: "
 msgid "Features: "
 msgstr "Eigenschaften: "
 msgid "Keyserver no-modify"
 msgstr "Keyserver no-modify"
 msgid "Critical signature policy: "
 msgstr "Entscheidende Beglaubigungsrichtlinie: "
@ -9070,6 +9068,15 @@ msgstr "Verwaltungskommandos für Yubikeys"
 msgid "manage the command history"
 msgstr "Verwaltung der Kommandohistorie"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "Das ausgewählte AEAD-Verfahren ist ungültig\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "ungültige private AEAD-Voreinstellungen\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "Das AEAD-Verfahren %s darf im %s Modus nicht verwendet werden.\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren %s (%d) "
--- a/po/el.po
+++ b/po/el.po
@ -402,6 +402,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "δεν υποστηρίζεται"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "δεν υποστηρίζεται"
 msgid "Options controlling the security"
 msgstr ""
@ -1855,8 +1860,9 @@ msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστ
 msgid "error creating passphrase: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "αδυναμία χρήσης ενός συμμετρικού πακέτου ESK λόγω της κατάστασης S2K\n"
 #, fuzzy, c-format
@ -1943,9 +1949,18 @@ msgstr "μη χρησιμοποιήσιμο μυστικό κλειδί"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "δημιουργία ενός πιστοποιητικού ανάκλησης"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2438,6 +2453,11 @@ msgstr "απεικόνιση της κλειδοθήκης στην οποία
 msgid "show expiration dates during signature listings"
 msgstr "Δεν βρέθηκε αντίστοιχη υπογραφή στη μυστική κλειδοθήκη\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "ορισμός απεικόνισης επιλογών"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n"
@ -2598,11 +2618,6 @@ msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "ο επιλεγμένος αλγόριθμος κρυπτογράφησης δεν είναι έγκυρος\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "ο επιλεγμένος αλγόριθμος περίληψης δεν είναι έγκυρος\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "ο επιλεγμένος αλγόριθμος κρυπτογράφησης δεν είναι έγκυρος\n"
@ -2650,11 +2665,6 @@ msgstr "μη έγκυρες προεπιλογές\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "μη έγκυρες προεπιλογές προσωπικού κρυπταλγόριθμου\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "μη έγκυρες προεπιλογές προσωπικού κρυπταλγόριθμου\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "μη έγκυρες προεπιλογές προσωπικού αλγόριθμου περίληψης\n"
@ -2672,10 +2682,6 @@ msgstr "μη έγκυρο μέγεθος κλειδιού, χρήση %u bits\n"
 msgid "%s does not yet work with %s\n"
 msgstr "το %s ακόμα δε λειτουργεί μαζί με το %s\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "απαγορεύετε η χρήση του κρυπταλγόριθμου \"%s\" στην κατάσταση %s\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
@ -3885,18 +3891,6 @@ msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Περίληψη: "
 msgid "Features: "
 msgstr "Δυνατότητε: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4746,6 +4740,18 @@ msgstr "Σίγουρα να δημιουργηθεί; "
 msgid "never     "
 msgstr "ποτέ     "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Περίληψη: "
 msgid "Features: "
 msgstr "Δυνατότητε: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Πολιτική κρίσιμης υπογραφής: "
@ -9278,6 +9284,20 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "ο επιλεγμένος αλγόριθμος περίληψης δεν είναι έγκυρος\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "μη έγκυρες προεπιλογές προσωπικού κρυπταλγόριθμου\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "απαγορεύετε η χρήση του κρυπταλγόριθμου \"%s\" στην κατάσταση %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "ο εξαναγκασμός συμμετρικού αλγόριθμου %s (%d) παραβιάζει τις\n"
@ -10913,9 +10933,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "διαγραφή υπογραφών"
 #~ msgid "set preference list"
 #~ msgstr "ορισμός απεικόνισης επιλογών"
 #~ msgid "updated preferences"
 #~ msgstr "αναωεωμένες επιλογές"
--- a/po/eo.po
+++ b/po/eo.po
@ -403,6 +403,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "ne realigita"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "ne realigita"
 msgid "Options controlling the security"
 msgstr ""
@ -1851,7 +1856,7 @@ msgid "error creating passphrase: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 #, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr ""
 #, fuzzy, c-format
@ -1929,9 +1934,18 @@ msgstr "neuzebla sekreta ŝlosilo"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "krei revokatestilon"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2420,6 +2434,11 @@ msgstr "montri, en kiu ŝlosilaro estas listigita ŝlosilo"
 msgid "show expiration dates during signature listings"
 msgstr "Mankas responda subskribo en sekreta ŝlosilaro\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "agordi liston de preferoj"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "nekonata implicita ricevonto '%s'\n"
@ -2580,11 +2599,6 @@ msgstr "skribas sekretan ŝlosilon al '%s'\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "elektita ĉifrad-metodo ne validas\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "elektita kompendi-metodo ne validas\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "elektita ĉifrad-metodo ne validas\n"
@ -2630,10 +2644,6 @@ msgstr "nevalidaj preferoj\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "nevalidaj preferoj\n"
 #, fuzzy, c-format
 msgid "invalid personal AEAD preferences\n"
 msgstr "nevalidaj preferoj\n"
 #, fuzzy, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "nevalidaj preferoj\n"
@ -2651,10 +2661,6 @@ msgstr "ŝlosilgrando nevalida; uzas %u bitojn\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s ne havas sencon kun %s!\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
@ -3862,18 +3868,6 @@ msgstr "%s: nevalida dosiero-versio %d\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr ""
 msgid "Features: "
 msgstr ""
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4706,6 +4700,18 @@ msgstr "Ĉu vere krei? "
 msgid "never     "
 msgstr ""
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr ""
 msgid "Features: "
 msgstr ""
 msgid "Keyserver no-modify"
 msgstr ""
 #, fuzzy
 msgid "Critical signature policy: "
 msgstr "Subskribo-gvidlinioj: "
@ -9190,6 +9196,19 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "elektita kompendi-metodo ne validas\n"
 #, fuzzy
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "nevalidaj preferoj\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 #, fuzzy
 #~ msgid "error writing to temporary file: %s\n"
 #~ msgstr "skribas al '%s'\n"
@ -10691,9 +10710,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "forviŝi subskribojn"
 #~ msgid "set preference list"
 #~ msgstr "agordi liston de preferoj"
 #~ msgid "updated preferences"
 #~ msgstr "aktualigitaj preferoj"
--- a/po/es.po
+++ b/po/es.po
@ -422,6 +422,11 @@ msgstr "|ALGO|usar ALGO para mostrar las huellas digitales de ssh"
 msgid "enable putty support"
 msgstr "habilitar soporte de putty"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "habilitar soporte de putty"
 msgid "Options controlling the security"
 msgstr "Opciones que controlan la seguridad"
@ -1849,8 +1854,9 @@ msgstr ""
 msgid "error creating passphrase: %s\n"
 msgstr "error al crear frase contraseña: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "no puede usar un paquete simétrico ESK debido al modo S2K\n"
 #, fuzzy, c-format
@ -1925,9 +1931,19 @@ msgstr "borrar partes inutilizables de la clave al exportar"
 msgid "remove as much as possible from key during export"
 msgstr "borrar tanto como sea posible de la clave al exportar"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "genera un certificado de revocación"
 msgid "use the GnuPG key backup format"
 msgstr "usar el formato de backup de claves GnuPG"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "no se permite exportar claves secretas\n"
 msgid " - skipped"
 msgstr " - omitido"
@ -2382,6 +2398,11 @@ msgstr "mostrar nombre de los anillos de claves al listar claves"
 msgid "show expiration dates during signature listings"
 msgstr "mostrar fechas de caducidad al listar firmas"
 #, fuzzy
 #| msgid "showpref"
 msgid "show preferences"
 msgstr "verpref"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "política TOFU desconocida '%s'\n"
@ -2537,11 +2558,6 @@ msgstr "no se ejecutará en memoria insegura por %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "el algoritmo de cifrado seleccionado es inválido\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "el algoritmo de resumen seleccionado no inválido\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "el algoritmo de compresión seleccionado es inválido\n"
@ -2586,11 +2602,6 @@ msgstr "preferencias por defecto inválidas\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "preferencias personales de cifrado inválidas\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "preferencias personales de cifrado inválidas\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferencias personales de algoritmo de resumen inválidas\n"
@ -2608,11 +2619,6 @@ msgstr "tamaño de clave incorrecto; se usarán %u bits\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s aún no funciona con %s\n"
 #, fuzzy, c-format
 #| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "no se puede usar el cifrado '%s' en modo %s\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "no puede usar la compresión '%s' en modo %s\n"
@ -3749,18 +3755,6 @@ msgstr "\"%s\" no es una huella digital válida\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "subclave \"%s\" no encontrada\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Resumen: "
 msgid "Features: "
 msgstr "Características: "
 msgid "Keyserver no-modify"
 msgstr "Sevidor de claves no-modificar"
 msgid "Preferred keyserver: "
 msgstr "Servidor de claves preferido: "
@ -4578,6 +4572,18 @@ msgstr "¿Crear de verdad? (s/N) "
 msgid "never     "
 msgstr "nunca     "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Resumen: "
 msgid "Features: "
 msgstr "Características: "
 msgid "Keyserver no-modify"
 msgstr "Sevidor de claves no-modificar"
 msgid "Critical signature policy: "
 msgstr "Política de firmas críticas: "
@ -9099,6 +9105,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "el algoritmo de resumen seleccionado no inválido\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "preferencias personales de cifrado inválidas\n"
 #, fuzzy
 #~| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "no se puede usar el cifrado '%s' en modo %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "forzar el cifrado simétrico %s (%d) viola las preferencias\n"
@ -11229,9 +11250,6 @@ msgstr ""
 #~ msgid "pref"
 #~ msgstr "pref"
 #~ msgid "showpref"
 #~ msgstr "verpref"
 #~ msgid "setpref"
 #~ msgstr "estpref"
--- a/po/et.po
+++ b/po/et.po
@ -399,6 +399,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "ei ole toetatud"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "ei ole toetatud"
 msgid "Options controlling the security"
 msgstr ""
@ -1849,8 +1854,9 @@ msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
 msgid "error creating passphrase: %s\n"
 msgstr "viga parooli loomisel: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "S2K moodi tõttu ei saa sümmeetrilist ESK paketti kasutada\n"
 #, fuzzy, c-format
@ -1934,9 +1940,18 @@ msgstr "mittekasutatav salajane võti"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "genereeri tühistamise sertifikaat"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2426,6 +2441,11 @@ msgstr "näita millisesse võtmehoidlasse näidatud võti kuulub"
 msgid "show expiration dates during signature listings"
 msgstr "Vastavat allkirja salajaste võtmete hoidlas pole\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "sea eelistuste nimekiri"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "tundmatu vaikimisi saaja `%s'\n"
@ -2586,11 +2606,6 @@ msgstr "kirjutan salajase võtme faili `%s'\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "valitud šifri algoritm ei ole lubatud\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "valitud lühendi algoritm ei ole lubatud\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "valitud šifri algoritm ei ole lubatud\n"
@ -2636,11 +2651,6 @@ msgstr "vigased vaikimisi eelistused\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "vigased isikliku šifri eelistused\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "vigased isikliku šifri eelistused\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "vigased isikliku lühendi eelistused\n"
@ -2658,10 +2668,6 @@ msgstr "vigane võtme suurus; kasutan %u bitti\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s ei tööta veel koos %s-ga\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "šifri algoritm \"%s\" ei ole moodis %s lubatud\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "pakkimise algoritm \"%s\" ei ole moodis %s lubatud\n"
@ -3857,18 +3863,6 @@ msgstr "viga: vigane sõrmejälg\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Teatelühend: "
 msgid "Features: "
 msgstr "Omadused: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4698,6 +4692,18 @@ msgstr "Loon tõesti? "
 msgid "never     "
 msgstr "mitte kunagi"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Teatelühend: "
 msgid "Features: "
 msgstr "Omadused: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Kriitiline allkirja poliitika: "
@ -9193,6 +9199,20 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "valitud lühendi algoritm ei ole lubatud\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "vigased isikliku šifri eelistused\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "šifri algoritm \"%s\" ei ole moodis %s lubatud\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "sümmetrilise šifri %s (%d) kasutamine on vastuolus saaja eelistustega\n"
@ -10785,9 +10805,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "kustuta allkirjad"
 #~ msgid "set preference list"
 #~ msgstr "sea eelistuste nimekiri"
 #~ msgid "updated preferences"
 #~ msgstr "uuendatud eelistused"
--- a/po/fi.po
+++ b/po/fi.po
@ -415,6 +415,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "ei tuettu"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "ei tuettu"
 msgid "Options controlling the security"
 msgstr ""
@ -1867,8 +1872,9 @@ msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
 msgid "error creating passphrase: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "symmetristä ESK-pakettia ei voi käyttää S2K-tilan vuoksi\n"
 #, fuzzy, c-format
@ -1951,9 +1957,18 @@ msgstr "salaista avainta ei voi käyttää"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "luo mitätöintivarmenne"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2443,6 +2458,11 @@ msgstr "näytä mihin avainrenkaaseen tulostettu avain kuuluu"
 msgid "show expiration dates during signature listings"
 msgstr "Salaisesta avainrenkaasta ei löydy vastaavaa allekirjoitusta\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "näytä valinnat"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
@ -2603,11 +2623,6 @@ msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "valittu salausalgoritmi ei kelpaa\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "valittu tiivistealgoritmi ei kelpaa\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "valittu salausalgoritmi ei kelpaa\n"
@ -2654,11 +2669,6 @@ msgstr "virheelliset oletusarvoiset valinnat\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "virheelliset henkilökohtaisen salaimen valinnat\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "virheelliset henkilökohtaisen salaimen valinnat\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "virheelliset henkilökohtaiset tiivisteen valinnat\n"
@ -2676,10 +2686,6 @@ msgstr "avaimen koko on virheellinen, käytetään %u bittiä\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s ja %s eivät vielä toimi yhdessä\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "salausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "pakkausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
@ -3881,18 +3887,6 @@ msgstr "virhe: sormenjälki on väärä\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Tiiviste: "
 msgid "Features: "
 msgstr "Ominaisuudet: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4732,6 +4726,18 @@ msgstr "Haluatko varmasti luoda? "
 msgid "never     "
 msgstr "ei koskaan"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Tiiviste: "
 msgid "Features: "
 msgstr "Ominaisuudet: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Kriittinen allekirjoituskäytäntö: "
@ -9261,6 +9267,20 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "valittu tiivistealgoritmi ei kelpaa\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "virheelliset henkilökohtaisen salaimen valinnat\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "salausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "valittu symmetrinen salain %s (%d) ei ole vastaanottajan suosima\n"
@ -10889,9 +10909,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "poista allekirjoitus"
 #~ msgid "set preference list"
 #~ msgstr "näytä valinnat"
 #~ msgid "updated preferences"
 #~ msgstr "päivitä valinnat"
--- a/po/fr.po
+++ b/po/fr.po
@ -423,6 +423,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "activer la prise en charge de putty"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "activer la prise en charge de putty"
 msgid "Options controlling the security"
 msgstr "Options contrôlant la sécurité"
@ -1900,8 +1905,9 @@ msgstr "Attention : « %s%s » est une option obsolète — non prise en com
 msgid "error creating passphrase: %s\n"
 msgstr "erreur de création de la phrase secrète : %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "impossible d'utiliser un paquet ESK symétrique en mode S2K\n"
 #, fuzzy, c-format
@ -1979,9 +1985,19 @@ msgstr "supprimer les parties inutilisables de la clef pendant l'exportation"
 msgid "remove as much as possible from key during export"
 msgstr "supprimer autant que possible de la clef pendant l'exportation"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "générer un certificat de révocation"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "il est interdit d'exporter les clefs secrètes\n"
 msgid " - skipped"
 msgstr " — ignoré"
@ -2478,6 +2494,11 @@ msgstr "montrer le nom du porte-clefs en affichant les clefs"
 msgid "show expiration dates during signature listings"
 msgstr "montrer les dates d'expiration en affichant les signatures"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "afficher les préférences (expert)"
 #, fuzzy, c-format
 #| msgid "unknown option '%s'\n"
 msgid "unknown TOFU policy '%s'\n"
@ -2640,11 +2661,6 @@ msgstr "ne sera pas exécuté avec une mémoire non sécurisée à cause de %s\n
 msgid "selected cipher algorithm is invalid\n"
 msgstr "l'algorithme de chiffrement sélectionné est incorrect\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "la fonction de hachage sélectionnée est incorrecte\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "l'algorithme de compression sélectionné est incorrect\n"
@ -2689,11 +2705,6 @@ msgstr "préférences par défaut incorrectes\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "préférences personnelles de chiffrement incorrectes\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "préférences personnelles de chiffrement incorrectes\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "préférences personnelles de hachage incorrectes\n"
@ -2711,11 +2722,6 @@ msgstr "taille incorrecte ; utilisation de %u bits\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s ne fonctionne pas encore avec %s\n"
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "impossible d'utiliser l'algorithme de chiffrement « %s » en mode %s.\n"
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm '%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
@ -3886,18 +3892,6 @@ msgstr "« %s » n’est pas une empreinte\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "clef « %s » introuvable : %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Hachage : "
 msgid "Features: "
 msgstr "Fonctionnalités : "
 msgid "Keyserver no-modify"
 msgstr "Serveur de clefs sans modification"
 msgid "Preferred keyserver: "
 msgstr "Serveur de clefs favori : "
@ -4748,6 +4742,18 @@ msgstr "Faut-il vraiment la créer ? (o/N) "
 msgid "never     "
 msgstr "jamais    "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Hachage : "
 msgid "Features: "
 msgstr "Fonctionnalités : "
 msgid "Keyserver no-modify"
 msgstr "Serveur de clefs sans modification"
 msgid "Critical signature policy: "
 msgstr "Politique de signature critique : "
@ -9465,6 +9471,22 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "la fonction de hachage sélectionnée est incorrecte\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "préférences personnelles de chiffrement incorrectes\n"
 #, fuzzy
 #~| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr ""
 #~ "impossible d'utiliser l'algorithme de chiffrement « %s » en mode %s.\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "forcer le chiffrement symétrique %s (%d) est en désaccord\n"
--- a/po/gl.po
+++ b/po/gl.po
@ -402,6 +402,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "non está soportado"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "non está soportado"
 msgid "Options controlling the security"
 msgstr ""
@ -1860,8 +1865,9 @@ msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
 msgid "error creating passphrase: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "non se pode empregar un paquete simétrico ESK debido ao modo S2K\n"
 #, fuzzy, c-format
@ -1943,9 +1949,18 @@ msgstr "chave secreta non utilizable"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "xerar un certificado de revocación"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "gravando a chave secreta en `%s'\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2434,6 +2449,11 @@ msgstr "amosar en que chaveiro está unha chave listada"
 msgid "show expiration dates during signature listings"
 msgstr "Non hai unha sinatura correspondiente no chaveiro secreto\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "estabrece-la lista de preferencias"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "destinatario por defecto `%s' descoñecido\n"
@ -2594,11 +2614,6 @@ msgstr "gravando a chave secreta en `%s'\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "o algoritmo de cifrado seleccionado non é válido\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "o algoritmo de resumo seleccionado non é válido\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "o algoritmo de cifrado seleccionado non é válido\n"
@ -2644,11 +2659,6 @@ msgstr "preferencias por defecto non válidas\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "preferencias de cifrado personais non válidas\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "preferencias de cifrado personais non válidas\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferencias de resumo personais non válidas\n"
@ -2666,10 +2676,6 @@ msgstr "tamaño de chave non válido; empregando %u bits\n"
 msgid "%s does not yet work with %s\n"
 msgstr "¡%s aínda non traballa con %s!\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "non se pode empregar o algoritmo de cifrado \"%s\" no modo %s\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "non se pode empregar o algoritmo de compresión \"%s\" no modo %s\n"
@ -3881,18 +3887,6 @@ msgstr "erro: pegada dactilar non válida\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "non se atopou a chave `%s': %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Resumo: "
 msgid "Features: "
 msgstr "Características: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4742,6 +4736,18 @@ msgstr "¿Crear realmente? "
 msgid "never     "
 msgstr "nunca     "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Resumo: "
 msgid "Features: "
 msgstr "Características: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Normativa de sinaturas críticas: "
@ -9273,6 +9279,20 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "o algoritmo de resumo seleccionado non é válido\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "preferencias de cifrado personais non válidas\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "non se pode empregar o algoritmo de cifrado \"%s\" no modo %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "forza-la cifra simétrica %s (%d) viola as preferencias do destinatario\n"
@ -10911,9 +10931,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "borrar sinaturas"
 #~ msgid "set preference list"
 #~ msgstr "estabrece-la lista de preferencias"
 #~ msgid "updated preferences"
 #~ msgstr "preferencias actualizadas"
--- a/po/hu.po
+++ b/po/hu.po
@ -399,6 +399,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "nem támogatott"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "nem támogatott"
 msgid "Options controlling the security"
 msgstr ""
@ -1850,8 +1855,9 @@ msgstr "FIGYELEM: \"%s\" elavult opció!\n"
 msgid "error creating passphrase: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "Nem tudok szimmetrikus ESK csomagot használni a S2K mód miatt!\n"
 #, fuzzy, c-format
@ -1934,9 +1940,18 @@ msgstr "használhatatlan titkos kulcs"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "visszavonási igazolás készítése"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2426,6 +2441,11 @@ msgstr "mutatja a kilistázott kulcs kulcskarikáját is"
 msgid "show expiration dates during signature listings"
 msgstr "Nincs megfelelő aláírás a titkoskulcs-karikán.\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "preferencialista beállítása"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
@ -2586,11 +2606,6 @@ msgstr "Írom a titkos kulcsot a %s állományba.\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "A kiválasztott rejtjelező algoritmus érvénytelen!\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "A kiválasztott kivonatoló algoritmus érvénytelen!\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "A kiválasztott rejtjelező algoritmus érvénytelen!\n"
@ -2636,11 +2651,6 @@ msgstr "Érvénytelen alapértelmezett preferenciák!\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "Érvénytelen személyes rejtjelező-preferenciák!\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "Érvénytelen személyes rejtjelező-preferenciák!\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "Érvénytelen személyes kivonatolópreferenciák!\n"
@ -2658,11 +2668,6 @@ msgstr "Kulcsméret érvénytelen; %u bitet használok.\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s és %s egyelőre nem használható együtt!\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "Lehet, hogy nem használhatja \"%s\" rejtjelező algoritmust %s módban!\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "Lehet, hogy nem használhatja \"%s\" tömörítő algoritmust %s módban!\n"
@ -3859,18 +3864,6 @@ msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Kivonat: "
 msgid "Features: "
 msgstr "Jellemzők: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4707,6 +4700,18 @@ msgstr "Valóban létrehozzam? "
 msgid "never     "
 msgstr "soha      "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Kivonat: "
 msgid "Features: "
 msgstr "Jellemzők: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Kritikus aláírási eljárásmód: "
@ -9221,6 +9226,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "A kiválasztott kivonatoló algoritmus érvénytelen!\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "Érvénytelen személyes rejtjelező-preferenciák!\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr ""
 #~ "Lehet, hogy nem használhatja \"%s\" rejtjelező algoritmust %s módban!\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "A %s (%d) rejtjelező használata sérti a címzett preferenciáit!\n"
@ -10843,9 +10863,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "aláírások törlése"
 #~ msgid "set preference list"
 #~ msgstr "preferencialista beállítása"
 #~ msgid "updated preferences"
 #~ msgstr "preferenciák frissítése"
--- a/po/id.po
+++ b/po/id.po
@ -404,6 +404,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "tidak didukung"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "tidak didukung"
 msgid "Options controlling the security"
 msgstr ""
@ -1856,8 +1861,9 @@ msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
 msgid "error creating passphrase: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "tidak dapat menggunakan paket simetri ESK karena mode S2K\n"
 #, fuzzy, c-format
@ -1940,9 +1946,18 @@ msgstr "kunci rahasia tidak dapat dipakai"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "buat sertifikat revokasi"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "menulis kunci rahasia ke `%s'\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2430,6 +2445,11 @@ msgstr "tampilkan keyring tempat kunci yang dipilih berada"
 msgid "show expiration dates during signature listings"
 msgstr "Tidak ada signature koresponden di ring rahasia\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "set daftar preferensi"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "penerima baku tidak dikenal `%s'\n"
@ -2590,11 +2610,6 @@ msgstr "menulis kunci rahasia ke `%s'\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "algoritma cipher yang dipilih tidak valid\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "algoritma digest yang dipilih tidak valid\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "algoritma cipher yang dipilih tidak valid\n"
@ -2640,11 +2655,6 @@ msgstr "preferensi baku tidak valid\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "preferensi cipher personal tidak valid\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "preferensi cipher personal tidak valid\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferensi digest personal tidak valid\n"
@ -2662,11 +2672,6 @@ msgstr "keysize tidak valid; menggunakan %u bit\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s belum dapat dipakai dengan %s\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "anda tidak boleh menggunakan algoritma cipher \"%s\" saat dalam mode %s.\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
@ -3865,18 +3870,6 @@ msgstr "kesalahan: fingerprint tidak valid\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Digest: "
 msgid "Features: "
 msgstr "Fitur: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4717,6 +4710,18 @@ msgstr "Ingin diciptakan? "
 msgid "never     "
 msgstr "tidak pernah..."
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Digest: "
 msgid "Features: "
 msgstr "Fitur: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Kebijakan signature kritis: "
@ -9220,6 +9225,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "algoritma digest yang dipilih tidak valid\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "preferensi cipher personal tidak valid\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr ""
 #~ "anda tidak boleh menggunakan algoritma cipher \"%s\" saat dalam mode %s.\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "memaksa cipher simetrik %s (%d) melanggar preferensi penerima\n"
@ -10846,9 +10866,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "hapus signature"
 #~ msgid "set preference list"
 #~ msgstr "set daftar preferensi"
 #~ msgid "updated preferences"
 #~ msgstr "perbarui preferensi"
--- a/po/it.po
+++ b/po/it.po
@ -389,6 +389,11 @@ msgstr "|ALGO|usa ALGO per mostrare le impronte digitali ssh"
 msgid "enable putty support"
 msgstr "abilitare il supporto putty"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "abilitare il supporto putty"
 msgid "Options controlling the security"
 msgstr "Opzioni che controllano la sicurezza"
@ -1797,8 +1802,9 @@ msgstr "AVVISO: la chiave %s non è adatta per la crittografia in modalità %s\n
 msgid "error creating passphrase: %s\n"
 msgstr "errore nella creazione della passhprase: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr ""
 "impossibile usare un pacchetto ESK simmetrico a causa della modalità S2K\n"
@ -1873,9 +1879,19 @@ msgstr "rimuovere parti inutilizzabili dalla chiave durante l'esportazione"
 msgid "remove as much as possible from key during export"
 msgstr "rimuovere il più possibile dalla chiave durante l'esportazione"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "genera un certificato di revoca"
 msgid "use the GnuPG key backup format"
 msgstr "utilizzare il formato di backup della chiave GnuPG"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "esportazione di chiavi segrete non consentita\n"
 msgid " - skipped"
 msgstr " - saltato"
@ -2320,6 +2336,11 @@ msgstr "mostrare il nome del keyring negli elenchi delle chiavi"
 msgid "show expiration dates during signature listings"
 msgstr "mostra date di scadenza durante le inserzioni delle firme"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "elenca le preferenze (per esperti)"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "criterio TOFU sconosciuto '%s'\n"
@ -2476,10 +2497,6 @@ msgstr "non verrà eseguito con memoria non protetta a causa di %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "l'algoritmo di cifratura selezionato non è valido\n"
 #, c-format
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "l'algoritmo AEAD selezionato non è valido\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "algoritmo di compressione selezionato non valido\n"
@ -2524,10 +2541,6 @@ msgstr "preferenze predefinite non valide\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "preferenze personali del cifrario non valide\n"
 #, c-format
 msgid "invalid personal AEAD preferences\n"
 msgstr "preferenze AEAD personali non valide\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferenze personali del digest non valide\n"
@ -2544,10 +2557,6 @@ msgstr "dimensione del blocco non valida - utilizzando %d\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s non funziona ancora con %s\n"
 #, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "L'algoritmo AEAD '%s' non può essere utilizzato %s modalità\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
@ -3690,18 +3699,6 @@ msgstr "\"%s\" non è un'impronta digitale corretta\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "sottochiave \"%s\" non trovata\n"
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Digest: "
 msgid "Features: "
 msgstr "Caratteristiche: "
 msgid "Keyserver no-modify"
 msgstr "Keyserver no-modify"
 msgid "Preferred keyserver: "
 msgstr "Server delle chiavi preferito: "
@ -4513,6 +4510,18 @@ msgstr "Davvero creare? (y/N) "
 msgid "never     "
 msgstr "mai       "
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Digest: "
 msgid "Features: "
 msgstr "Caratteristiche: "
 msgid "Keyserver no-modify"
 msgstr "Keyserver no-modify"
 msgid "Critical signature policy: "
 msgstr "Politica critica di firma: "
@ -9014,6 +9023,15 @@ msgstr "Comandi di gestione Yubikey"
 msgid "manage the command history"
 msgstr "gestire la cronologia dei comandi"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "l'algoritmo AEAD selezionato non è valido\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "preferenze AEAD personali non valide\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "L'algoritmo AEAD '%s' non può essere utilizzato %s modalità\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "forzare il cifrario simmetrico %s (%d) viola le preferenze\n"
--- a/po/ja.po
+++ b/po/ja.po
@ -386,6 +386,11 @@ msgstr "|ALGO|ssh署名の表示にALGOを使う"
 msgid "enable putty support"
 msgstr "puttyサポートを有功にする"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "puttyサポートを有功にする"
 msgid "Options controlling the security"
 msgstr "セキュリティを制御するオプション"
@ -1763,8 +1768,9 @@ msgstr "*警告*: 鍵%sは、%sモードでは、暗号化に適しません\n"
 msgid "error creating passphrase: %s\n"
 msgstr "パスフレーズの作成エラー: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "S2Kモードのため、共通鍵ESKパケットを使えません\n"
 #, c-format
@ -1834,9 +1840,19 @@ msgstr "エクスポートの際、利用できない部分を除去する"
 msgid "remove as much as possible from key during export"
 msgstr "エクスポートの際、できるだけ除去する"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "失効証明書を生成"
 msgid "use the GnuPG key backup format"
 msgstr "GnuPGの鍵のバックアップフォーマットを使います"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "秘密鍵のエクスポートは認められません\n"
 msgid " - skipped"
 msgstr " - スキップされました"
@ -2267,6 +2283,11 @@ msgstr "鍵の一覧に鍵リングの名前を表示する"
 msgid "show expiration dates during signature listings"
 msgstr "署名の一覧時に有効期限の日付を表示する"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "優先指定の一覧 (エキスパート)"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "不明のTOFUポリシー'%s'\n"
@ -2422,10 +2443,6 @@ msgstr "%s のため、セキュアでないメモリで実行しません\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "選択された暗号アルゴリズムは無効です\n"
 #, c-format
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "選択されたAEADアルゴリズムは無効です\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "選択された圧縮アルゴリズムは無効です\n"
@ -2470,10 +2487,6 @@ msgstr "無効なデフォルトの優先指定\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "無効な個人用暗号方式の優先指定\n"
 #, c-format
 msgid "invalid personal AEAD preferences\n"
 msgstr "無効な個人用AEAD方式の優先指定\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "無効な個人用ダイジェストの優先指定\n"
@ -2490,10 +2503,6 @@ msgstr "無効なチャンク長 - %dビットにします\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%sは%sではまだ機能しません\n"
 #, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "AEADアルゴリズム'%s'を%sモードで使うことはできません\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "圧縮アルゴリズム'%s'を%sモードで使うことはできません\n"
@ -3595,18 +3604,6 @@ msgstr "\"%s\"は正しいフィンガープリントではありません\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "副鍵\"%s\"が見つかりません\n"
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "ダイジェスト: "
 msgid "Features: "
 msgstr "機能: "
 msgid "Keyserver no-modify"
 msgstr "鍵サーバ 修正しない"
 msgid "Preferred keyserver: "
 msgstr "優先鍵サーバ: "
@ -4392,6 +4389,18 @@ msgstr "本当に作成しますか? (y/N) "
 msgid "never     "
 msgstr "無期限    "
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "ダイジェスト: "
 msgid "Features: "
 msgstr "機能: "
 msgid "Keyserver no-modify"
 msgstr "鍵サーバ 修正しない"
 msgid "Critical signature policy: "
 msgstr "クリティカルな署名ポリシー: "
@ -8696,6 +8705,15 @@ msgstr "Yubikey管理コマンド"
 msgid "manage the command history"
 msgstr "コマンド履歴を管理する"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "選択されたAEADアルゴリズムは無効です\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "無効な個人用AEAD方式の優先指定\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "AEADアルゴリズム'%s'を%sモードで使うことはできません\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "共通鍵暗号方式 %s (%d) の強制が、受取人の優先指定をそむきます\n"
--- a/po/nb.po
+++ b/po/nb.po
@ -402,6 +402,11 @@ msgstr "|ALGO|bruk valgt ALGOritme til å vise ssh-fingeravtrykk"
 msgid "enable putty support"
 msgstr "slå på støtte for putty"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "slå på støtte for putty"
 msgid "Options controlling the security"
 msgstr "Sikkerhetsvalg"
@ -1827,8 +1832,9 @@ msgstr "ADVARSEL: nøkkel %s egner seg ikke for kryptering i %s-modus\n"
 msgid "error creating passphrase: %s\n"
 msgstr "feil under opprettelse av passordfrase: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "klarte ikke å bruke symmetrisk ESK-pakke på grunn av S2K-modus\n"
 #, fuzzy, c-format
@ -1904,9 +1910,19 @@ msgstr "fjern ubrukelige deler fra nøkkelen under eksportering"
 msgid "remove as much as possible from key during export"
 msgstr "fjern så mye som mulig fra nøkkelen under eksportering"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "lag opphevelsessertifikat"
 msgid "use the GnuPG key backup format"
 msgstr "bruk GnuPG-format til sikkerhetskopiering av nøkkel"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "eksportering av hemmelige nøkler er ikke tillatt\n"
 msgid " - skipped"
 msgstr ". Hoppet over"
@ -2351,6 +2367,11 @@ msgstr "vis nøkkelknippe-navn i nøkkelvisning"
 msgid "show expiration dates during signature listings"
 msgstr "vis utløpsdatoer i nøkkelvisning"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "vis innstillinger (avansert)"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "«%s» er et ukjent TOFU-regelverk\n"
@ -2507,11 +2528,6 @@ msgstr "lar være å kjøre med usikret minne på grunn av %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "valgt krypteringsalgoritme er ugyldig\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "valg kontrollsum-algoritme er ugyldig\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "valgt komprimeringsalgoritme er ugyldig\n"
@ -2556,11 +2572,6 @@ msgstr "ugyldig standardoppsett\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "ugyldig personlig oppsett av krypteringsmetode\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "ugyldig personlig oppsett av krypteringsmetode\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "ugyldig personlig oppsett av kontrollsummetode\n"
@ -2578,11 +2589,6 @@ msgstr "ugyldig nøkkelstørrelse. Bruker %u bit\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s virker ikke enda med %s\n"
 #, fuzzy, c-format
 #| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "du kan ikke bruke algoritme «%s» i %s-modus\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "du kan ikke bruke komprimeringsalgoritme «%s» i %s-modus\n"
@ -3721,18 +3727,6 @@ msgstr "«%s» er et ugyldig fingeravtrykk\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "fant ikke undernøkkel «%s»\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Kontrollsum: "
 msgid "Features: "
 msgstr "Funksjoner: "
 msgid "Keyserver no-modify"
 msgstr "Nøkkeltjener no-modify"
 msgid "Preferred keyserver: "
 msgstr "Foretrukket nøkkeltjener: "
@ -4556,6 +4550,18 @@ msgstr "Er du sikker på at du vil fortsette? (j/N) "
 msgid "never     "
 msgstr "aldri     "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Kontrollsum: "
 msgid "Features: "
 msgstr "Funksjoner: "
 msgid "Keyserver no-modify"
 msgstr "Nøkkeltjener no-modify"
 msgid "Critical signature policy: "
 msgstr "Regler for kritisk signatur: "
@ -8997,6 +9003,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "valg kontrollsum-algoritme er ugyldig\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "ugyldig personlig oppsett av krypteringsmetode\n"
 #, fuzzy
 #~| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "du kan ikke bruke algoritme «%s» i %s-modus\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "tvungen bruk av krypt.metode %s (%d) bryter med mottakers oppsett\n"
--- a/po/pl.po
+++ b/po/pl.po
@ -396,6 +396,11 @@ msgstr "|ALGO|użycie ALGO do wyświetlania odcisków ssh"
 msgid "enable putty support"
 msgstr "włączenie obsługi putty"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "włączenie obsługi putty"
 msgid "Options controlling the security"
 msgstr "Opcje sterujące bezpieczeństwem"
@ -1799,8 +1804,9 @@ msgstr "OSTRZEŻENIE: klucz %s nie nadaje się do szyfrowania w trybie %s\n"
 msgid "error creating passphrase: %s\n"
 msgstr "błąd podczas tworzenia hasła: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr ""
 "ustawiony tryb S2K nie pozwala użyć pakietu ESK dla szyfru symetrycznego\n"
@ -1876,9 +1882,19 @@ msgstr "usunięcie bezużytecznych części z klucza przy eksporcie"
 msgid "remove as much as possible from key during export"
 msgstr "usunięcie jak największej części klucza przy eksporcie"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "tworzenie certyfikatu unieważnienia klucza"
 msgid "use the GnuPG key backup format"
 msgstr "użycie formatu kopii zapasowej klucza GnuPG"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "eksport kluczy tajnych nie jest dozwolony\n"
 msgid " - skipped"
 msgstr " - pominięty"
@ -2342,6 +2358,11 @@ msgstr "pokazywanie nazwy zbioru kluczy na listach kluczy"
 msgid "show expiration dates during signature listings"
 msgstr "pokazywanie dat wygaśnięcia przy wypisywaniu podpisów"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "ustawienia (zaawansowane)"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "nieznana polityka TOFU ,,%s''\n"
@ -2500,11 +2521,6 @@ msgstr "nie zadziała z niebezpieczną pamięcią z powodu %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "wybrany algorytm szyfrujący jest niepoprawny\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "wybrany algorytm skrótów wiadomości jest niepoprawny\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "wybrany algorytm kompresji jest niepoprawny\n"
@ -2551,11 +2567,6 @@ msgstr "niewłaściwe domyślne ustawienia\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "niewłaściwe ustawienia szyfrów\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "niewłaściwe ustawienia szyfrów\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "niewłaściwe ustawienia skrótów\n"
@ -2573,11 +2584,6 @@ msgstr "niewłaściwa długość klucza; wykorzystano %u bitów\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s jeszcze nie działa z %s!\n"
 #, fuzzy, c-format
 #| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "szyfr ,,%s'' nie może być używany w trybie %s\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "algorytm kompresji ,,%s'' nie może być używany w trybie %s\n"
@ -3731,18 +3737,6 @@ msgstr ",,%s'' nie jest właściwym odciskiem\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "podklucz ,,%s'' nie został odnaleziony\n"
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Skrót: "
 msgid "Features: "
 msgstr "Ustawienia: "
 msgid "Keyserver no-modify"
 msgstr "no-modify dla serwera kluczy"
 msgid "Preferred keyserver: "
 msgstr "Preferowany serwer kluczy: "
@ -4575,6 +4569,18 @@ msgstr "Czy na pewno utworzyć? (t/N) "
 msgid "never     "
 msgstr "nigdy     "
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Skrót: "
 msgid "Features: "
 msgstr "Ustawienia: "
 msgid "Keyserver no-modify"
 msgstr "no-modify dla serwera kluczy"
 msgid "Critical signature policy: "
 msgstr "Krytyczny regulamin podpisu: "
@ -9112,6 +9118,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "wybrany algorytm skrótów wiadomości jest niepoprawny\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "niewłaściwe ustawienia szyfrów\n"
 #, fuzzy
 #~| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "szyfr ,,%s'' nie może być używany w trybie %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami adresata\n"
--- a/po/pt.po
+++ b/po/pt.po
@ -404,6 +404,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "não suportado"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "não suportado"
 msgid "Options controlling the security"
 msgstr ""
@ -1854,8 +1859,9 @@ msgstr "AVISO: \"%s\" é uma opção depreciada\n"
 msgid "error creating passphrase: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "não é possível utilizar o pacote ESK simétrico devido ao modo S2K\n"
 #, fuzzy, c-format
@ -1937,9 +1943,18 @@ msgstr "chave secreta não utilizável"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "gerar um certificado de revogação"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "a escrever chave privada para `%s'\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2431,6 +2446,11 @@ msgstr "mostrar em que porta-chave a chave está"
 msgid "show expiration dates during signature listings"
 msgstr "Nenhuma assinatura correspondente no porta-chaves secreto\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "configurar lista de preferências"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "destinatário por omissão desconhecido `%s'\n"
@ -2591,11 +2611,6 @@ msgstr "a escrever chave privada para `%s'\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "o algoritmo de cifragem selecionado é inválido\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "o algoritmo de \"digest\" selecionado é inválido\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "o algoritmo de cifragem selecionado é inválido\n"
@ -2641,11 +2656,6 @@ msgstr "preferências por omissão inválidas\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "preferências pessoais de cifra inválidas\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "preferências pessoais de cifra inválidas\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferências pessoais de 'digest' inválidas\n"
@ -2663,10 +2673,6 @@ msgstr "tamanho de chave inválido; a utilizar %u bits\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s não faz sentido com %s!\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
@ -3870,18 +3876,6 @@ msgstr "%s: versão de ficheiro inválida %d\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "chave `%s' não encontrada: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "'Digest': "
 msgid "Features: "
 msgstr "Características: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4721,6 +4715,18 @@ msgstr "Realmente criar? "
 msgid "never     "
 msgstr ""
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "'Digest': "
 msgid "Features: "
 msgstr "Características: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Politica de assinatura crítica: "
@ -9214,6 +9220,20 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "o algoritmo de \"digest\" selecionado é inválido\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "preferências pessoais de cifra inválidas\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "ao forçar a cifra simétrica %s (%d) viola as preferências do "
@ -10794,9 +10814,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "remove assinaturas"
 #~ msgid "set preference list"
 #~ msgstr "configurar lista de preferências"
 #~ msgid "updated preferences"
 #~ msgstr "preferências actualizadas"
--- a/po/ro.po
+++ b/po/ro.po
@ -409,6 +409,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "nu este suportat(ă)"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "nu este suportat(ă)"
 msgid "Options controlling the security"
 msgstr ""
@ -1878,8 +1883,9 @@ msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n"
 msgid "error creating passphrase: %s\n"
 msgstr "eroare la crearea frazei-parolă: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "nu pot crea un pachet ESK simetric datorită modului S2K\n"
 #, fuzzy, c-format
@ -1962,9 +1968,19 @@ msgstr "cheie secretă de nefolosit"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "generează un certificat de revocare"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "exportul cheilor secrete nu este permis\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2484,6 +2500,11 @@ msgstr "arată căruia dintre inelele de chei îi aparţine o cheie enumerată"
 msgid "show expiration dates during signature listings"
 msgstr "Nici o semnătură corespunzătoare în inelul secret\n"
 #, fuzzy
 #| msgid "showpref"
 msgid "show preferences"
 msgstr "showpref"
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown TOFU policy '%s'\n"
@ -2649,11 +2670,6 @@ msgstr "nu va rula cu memorie neprotejată (insecure) pentru că %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "algoritm cifrare selectat este invalid\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "algoritm rezumat selectat este invalid\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "algoritm compresie selectat este invalid\n"
@ -2699,11 +2715,6 @@ msgstr "preferinţe implicite invalide\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "preferinţe cifrare personale invalide\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "preferinţe cifrare personale invalide\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferinţe rezumat personale invalide\n"
@ -2721,11 +2732,6 @@ msgstr "lungime cheie invalidă; folosesc %u biţi\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s nu merge încă cu %s!\n"
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "nu puteţi folosi algoritmul de cifrare `%s' câtă vreme în modul %s\n"
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm `%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
@ -3917,18 +3923,6 @@ msgstr "amprentă invalidă"
 msgid "subkey \"%s\" not found\n"
 msgstr "cheia \"%s\" nu a fost găsită: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Rezumat: "
 msgid "Features: "
 msgstr "Capabilităţi: "
 msgid "Keyserver no-modify"
 msgstr "Server de chei no-modify"
 msgid "Preferred keyserver: "
 msgstr "Server de chei preferat: "
@ -4777,6 +4771,18 @@ msgstr "Creaţi într-adevăr? (d/N) "
 msgid "never     "
 msgstr "niciodată "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Rezumat: "
 msgid "Features: "
 msgstr "Capabilităţi: "
 msgid "Keyserver no-modify"
 msgstr "Server de chei no-modify"
 msgid "Critical signature policy: "
 msgstr "Politică de semnături critică: "
@ -9363,6 +9369,22 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "algoritm rezumat selectat este invalid\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "preferinţe cifrare personale invalide\n"
 #, fuzzy
 #~| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr ""
 #~ "nu puteţi folosi algoritmul de cifrare `%s' câtă vreme în modul %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "forţând cifrul simetric %s (%d) violaţi preferinţele destinatarului\n"
@ -11320,9 +11342,6 @@ msgstr ""
 #~ msgid "pref"
 #~ msgstr "pref"
 #~ msgid "showpref"
 #~ msgstr "showpref"
 #~ msgid "setpref"
 #~ msgstr "setpref"
--- a/po/ru.po
+++ b/po/ru.po
@ -406,6 +406,11 @@ msgstr "|ALGO|использовать для отображения отпеч
 msgid "enable putty support"
 msgstr "включить поддержку putty"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "включить поддержку putty"
 msgid "Options controlling the security"
 msgstr "Параметры, управляющие безопасностью"
@ -1812,8 +1817,9 @@ msgstr "Внимание: ключ %s не подходит для шифров
 msgid "error creating passphrase: %s\n"
 msgstr "ошибка при создании фразы-пароля: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "не могу использовать симметричный пакет ESK из-за режима S2K\n"
 #, fuzzy, c-format
@ -1888,9 +1894,19 @@ msgstr "удалить при экспорте непригодные части
 msgid "remove as much as possible from key during export"
 msgstr "при экспорте удалить из ключа как можно больше"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "создать сертификат отзыва"
 msgid "use the GnuPG key backup format"
 msgstr "пользоваться архивным форматом ключей GnuPG"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "экспорт секретных ключей не разрешен\n"
 msgid " - skipped"
 msgstr " - пропущено"
@ -2349,6 +2365,11 @@ msgstr "показывать в списке ключей название та
 msgid "show expiration dates during signature listings"
 msgstr "показывать в списке подписей сроки действия"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "список предпочтений (экспертам)"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "неизвестные правила TOFU '%s'\n"
@ -2508,11 +2529,6 @@ msgstr "отказываюсь работать с небезопасной па
 msgid "selected cipher algorithm is invalid\n"
 msgstr "выбран недопустимый алгоритм шифрования\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "выбрана недопустимая хеш-функция\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "выбран недопустимый алгоритм сжатия\n"
@ -2557,11 +2573,6 @@ msgstr "недопустимые предпочтения по умолчани
 msgid "invalid personal cipher preferences\n"
 msgstr "недопустимые личные предпочтения шифра\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "недопустимые личные предпочтения шифра\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "недопустимые личные предпочтения хеш-функции\n"
@ -2579,11 +2590,6 @@ msgstr "неверный размер ключа; использую %u бит\n
 msgid "%s does not yet work with %s\n"
 msgstr "%s пока не работает совместно с %s!\n"
 #, fuzzy, c-format
 #| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "алгоритм шифрования '%s' нельзя использовать в режиме %s\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "алгоритм сжатия '%s' нельзя использовать в режиме %s\n"
@ -3729,18 +3735,6 @@ msgstr "\"%s\" - не правильный отпечаток\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "подключ \"%s\" не найден\n"
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Хеш: "
 msgid "Features: "
 msgstr "Характеристики: "
 msgid "Keyserver no-modify"
 msgstr "Не изменять на сервере"
 msgid "Preferred keyserver: "
 msgstr "Предпочтительный сервер ключей: "
@ -4565,6 +4559,18 @@ msgstr "Действительно создать? (y/N) "
 msgid "never     "
 msgstr "никогда   "
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Хеш: "
 msgid "Features: "
 msgstr "Характеристики: "
 msgid "Keyserver no-modify"
 msgstr "Не изменять на сервере"
 msgid "Critical signature policy: "
 msgstr "Критические правила подписи: "
@ -9095,6 +9101,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "выбрана недопустимая хеш-функция\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "недопустимые личные предпочтения шифра\n"
 #, fuzzy
 #~| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "алгоритм шифрования '%s' нельзя использовать в режиме %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "принудительное использование симметричного шифра %s (%d) нарушает "
--- a/po/sk.po
+++ b/po/sk.po
@ -402,6 +402,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "nepodporované"
 #, fuzzy
 #| msgid "not supported"
 msgid "enable Win32-OpenSSH support"
 msgstr "nepodporované"
 msgid "Options controlling the security"
 msgstr ""
@ -1856,8 +1861,9 @@ msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
 msgid "error creating passphrase: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "v móde S2K nemožno použiť symetrický ESK paket\n"
 #, fuzzy, c-format
@ -1942,9 +1948,18 @@ msgstr "nepoužiteľný tajný kľúč"
 msgid "remove as much as possible from key during export"
 msgstr ""
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "vytvoriť revokačný certifikát"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 msgid "export secret keys using the GnuPG format"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2442,6 +2457,11 @@ msgstr "ukáž v ktorom súbore kľúčov je vypísaný kľúč"
 msgid "show expiration dates during signature listings"
 msgstr "V súbore tajných kľúčov chýba zodpovedajúci podpis\n"
 #, fuzzy
 #| msgid "set preference list"
 msgid "show preferences"
 msgstr "nastaviť zoznam predvolieb"
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "neznámy implicitný adresát `%s'\n"
@ -2602,11 +2622,6 @@ msgstr "zapisujem tajný kľúč do `%s'\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "vybraný šifrovací algoritmus je neplatný\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "vybraný hashovací algoritmus je neplatný\n"
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "vybraný šifrovací algoritmus je neplatný\n"
@ -2652,11 +2667,6 @@ msgstr "neplatné defaultné predvoľby\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "neplatné užívateľské predvoľby pre šifrovanie\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "neplatné užívateľské predvoľby pre šifrovanie\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "neplatné užívateľské predvoľby pre hashovanie\n"
@ -2674,10 +2684,6 @@ msgstr "neplatná dĺžka kľúča; použijem %u bitov\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s ešte nepracuje s %s\n"
 #, fuzzy, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "nemôžete použiť šifrovací algoritmus \"%s\" v móde %s\n"
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "nemôžete použiť kompresný algoritmus \"%s\" v móde %s\n"
@ -3884,18 +3890,6 @@ msgstr "chyba: neplatný odtlačok\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Digest: "
 msgid "Features: "
 msgstr "Charakteristiky: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Preferred keyserver: "
 msgstr ""
@ -4728,6 +4722,18 @@ msgstr "Skutočne vytvoriť? "
 msgid "never     "
 msgstr "nikdy     "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Digest: "
 msgid "Features: "
 msgstr "Charakteristiky: "
 msgid "Keyserver no-modify"
 msgstr ""
 msgid "Critical signature policy: "
 msgstr "Kritická podpisová politika: "
@ -9253,6 +9259,20 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "vybraný hashovací algoritmus je neplatný\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "neplatné užívateľské predvoľby pre šifrovanie\n"
 #, fuzzy
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "nemôžete použiť šifrovací algoritmus \"%s\" v móde %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "vyžiadaná symetrická šifra %s (%d) nevyhovuje predvoľbám príjemcu\n"
@ -10871,9 +10891,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "zmazať podpisy"
 #~ msgid "set preference list"
 #~ msgstr "nastaviť zoznam predvolieb"
 #~ msgid "updated preferences"
 #~ msgstr "aktualizovať predvoľby"
--- a/po/sv.po
+++ b/po/sv.po
@ -463,6 +463,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr ""
 #, fuzzy
 #| msgid "enable ssh-agent emulation"
 msgid "enable Win32-OpenSSH support"
 msgstr "aktivera ssh-agent-emulering"
 msgid "Options controlling the security"
 msgstr "Flaggor som kontrollerar säkerheten"
@ -1994,8 +1999,9 @@ msgstr "VARNING: \"%s\" är en föråldrad flagga - den har ingen effekt\n"
 msgid "error creating passphrase: %s\n"
 msgstr "fel när lösenfras skapades: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "kan inte använda symmetriska ESK-paket pga S2K-läge\n"
 #, fuzzy, c-format
@ -2078,9 +2084,19 @@ msgstr "ta bort oanvändbara delar från nyckeln under exportering"
 msgid "remove as much as possible from key during export"
 msgstr "ta bort så mycket som möjligt från nyckeln under exportering"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "generera ett spärrcertifikat"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "export av hemliga nycklar tillåts inte\n"
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
@ -2599,6 +2615,11 @@ msgstr "visa nyckelringens namn i nyckellistningar"
 msgid "show expiration dates during signature listings"
 msgstr "visa utgångsdatum under signaturlistningar"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "lista inställningar (expertläge)"
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown TOFU policy '%s'\n"
@ -2764,11 +2785,6 @@ msgstr "kommer inte att köra med osäkert minne på grund av %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "den valda chifferalgoritmen är ogiltig\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "vald sammandragsalgoritm är ogiltig\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "vald komprimeringsalgoritm är ogiltig\n"
@ -2822,12 +2838,6 @@ msgstr "ogiltiga standardinställningar\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "ogiltig inställning av personligt chiffer\n"
 # Du kan ange de algoritmer du föredrar i prioritetsordning. Då avgör inte enbart standard (symmetrisk kryptering) eller mottagarens preferenser (kryptering till öppen nyckel).
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "ogiltig inställning av personligt chiffer\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "ogiltig inställning av föredragna kontrollsummealgoritmer\n"
@ -2845,11 +2855,6 @@ msgstr "ogiltig nyckelstorlek; använder %u bitar\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s fungerar ännu inte med  %s\n"
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "du får inte använda chifferalgoritmen \"%s\" när du är i %s-läget\n"
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm `%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
@ -4062,18 +4067,6 @@ msgstr "ogiltigt fingeravtryck"
 msgid "subkey \"%s\" not found\n"
 msgstr "nyckeln \"%s\" hittades inte: %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Sammandrag: "
 msgid "Features: "
 msgstr "Funktioner: "
 msgid "Keyserver no-modify"
 msgstr "Nyckelserver no-modify"
 msgid "Preferred keyserver: "
 msgstr "Föredragen nyckelserver: "
@ -4939,6 +4932,18 @@ msgstr "Verkligen skapa? (j/N) "
 msgid "never     "
 msgstr "aldrig"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Sammandrag: "
 msgid "Features: "
 msgstr "Funktioner: "
 msgid "Keyserver no-modify"
 msgstr "Nyckelserver no-modify"
 msgid "Critical signature policy: "
 msgstr "Viktig signaturpolicy: "
@ -9804,6 +9809,22 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "vald sammandragsalgoritm är ogiltig\n"
 # Du kan ange de algoritmer du föredrar i prioritetsordning. Då avgör inte enbart standard (symmetrisk kryptering) eller mottagarens preferenser (kryptering till öppen nyckel).
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "ogiltig inställning av personligt chiffer\n"
 #, fuzzy
 #~| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "du får inte använda chifferalgoritmen \"%s\" när du är i %s-läget\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "tvinga symmetriskt chiffer med %s (%d) strider mot "
--- a/po/tr.po
+++ b/po/tr.po
@ -388,6 +388,11 @@ msgstr "|ALGO|ssh parmak izlerini göstermek için ALGO kullan"
 msgid "enable putty support"
 msgstr "putty desteğini etkinleştir"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "putty desteğini etkinleştir"
 msgid "Options controlling the security"
 msgstr "Güvenliği denetleyen seçenekler"
@ -1778,8 +1783,9 @@ msgstr "UYARI: %s anahtarı, %s kipinde şifreleme için uygun değil\n"
 msgid "error creating passphrase: %s\n"
 msgstr "anahtar parolası oluşturulurken hata: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "S2K kipi sayesinde bir simetrik ESK paketi kullanılamıyor\n"
 #, c-format
@ -1851,9 +1857,19 @@ msgstr "dışa aktarım sırasında anahtardan kullanışsız parçaları kaldı
 msgid "remove as much as possible from key during export"
 msgstr "dışa aktarım sırasında anahtardan olabildiğince çok şey kaldır"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "bir yürürlükten kaldırma sertifikası üret"
 msgid "use the GnuPG key backup format"
 msgstr "GnuPG yedekleme biçimini kullan"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "gizli anahtarların dışa aktarımına izin verilmez\n"
 msgid " - skipped"
 msgstr " - atlandı"
@ -2293,6 +2309,11 @@ msgstr "anahtar zinciri adını anahtar listelerinde göster"
 msgid "show expiration dates during signature listings"
 msgstr "imza listelemesi sırasında zaman aşımı tarihleri göster"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "tercihleri listele (uzman)"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "bilinmeyen TOFU poliçesi '%s'\n"
@ -2451,10 +2472,6 @@ msgstr "%s olmasından dolayı güvensiz bellekle çalıştırılmayacak\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "seçilen şifre algoritması geçersiz\n"
 #, c-format
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "seçili AEAD algoritması geçersiz\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "seçili sıkıştırma algoritması geçersiz\n"
@ -2499,10 +2516,6 @@ msgstr "geçersiz öntanımlı tercihler\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "geçersiz kişisel şifre tercihleri\n"
 #, c-format
 msgid "invalid personal AEAD preferences\n"
 msgstr "geçersiz kişisel AEAD tercihler\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "geçersiz kişisel özet tercihleri\n"
@ -2519,10 +2532,6 @@ msgstr "parça boyutu geçersiz - %d kullanılıyor\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s, %s ile henüz çalışmıyor\n"
 #, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "'%s' AEAD algoritması, %s kipinde kullanılamayabilir\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "'%s' sıkıştırma algoritması, %s kipinde kullanılamayabilir\n"
@ -3665,18 +3674,6 @@ msgstr "\"%s\", düzgün bir parmak izi değil\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "yardımcı anahtar \"%s\" bulunamadı\n"
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Özet: "
 msgid "Features: "
 msgstr "Özellikler: "
 msgid "Keyserver no-modify"
 msgstr "Anahtar sunucusu değişmez"
 msgid "Preferred keyserver: "
 msgstr "Tercih edilen anahtar sunucusu: "
@ -4488,6 +4485,18 @@ msgstr "Gerçekten üretilsin mi? (e/H) "
 msgid "never     "
 msgstr "asla      "
 msgid "AEAD: "
 msgstr "AEAD: "
 msgid "Digest: "
 msgstr "Özet: "
 msgid "Features: "
 msgstr "Özellikler: "
 msgid "Keyserver no-modify"
 msgstr "Anahtar sunucusu değişmez"
 msgid "Critical signature policy: "
 msgstr "Kritik imza guvencesi: "
@ -8879,6 +8888,15 @@ msgstr "Yubikey yönetim konsolu"
 msgid "manage the command history"
 msgstr "komut geçmişini yönet"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "seçili AEAD algoritması geçersiz\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "geçersiz kişisel AEAD tercihler\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "'%s' AEAD algoritması, %s kipinde kullanılamayabilir\n"
 #~ msgid "run in supervised mode"
 #~ msgstr "yönetilen kipte çalıştır"
--- a/po/uk.po
+++ b/po/uk.po
@ -403,6 +403,11 @@ msgstr "|АЛГО|використати алгоритм АЛГО для пок
 msgid "enable putty support"
 msgstr "увімкнути підтримку putty"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "увімкнути підтримку putty"
 msgid "Options controlling the security"
 msgstr "Параметри керування захистом"
@ -1829,8 +1834,9 @@ msgstr "УВАГА: ключ %s не можна використовувати
 msgid "error creating passphrase: %s\n"
 msgstr "помилка під час спроби створення пароля: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "не можна використовувати симетричний пакет ESK через режим S2K\n"
 #, fuzzy, c-format
@ -1910,9 +1916,19 @@ msgstr "вилучити невикористовувані частини кл
 msgid "remove as much as possible from key during export"
 msgstr "вилучити максимум частин з ключа під час експортування"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "створити сертифікат відкликання"
 msgid "use the GnuPG key backup format"
 msgstr "використовувати формат резервних копій ключів GnuPG"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "експортування закритих ключів заборонено\n"
 msgid " - skipped"
 msgstr " - пропущено"
@ -2380,6 +2396,11 @@ msgstr "показувати назву сховища ключів у спис
 msgid "show expiration dates during signature listings"
 msgstr "показувати дати завершення строків дії у списку підписів"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "список переваг (експертний)"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "невідомі правила TOFU «%s»\n"
@ -2540,11 +2561,6 @@ msgstr "не буде запущено з помилками у захисті
 msgid "selected cipher algorithm is invalid\n"
 msgstr "вибраний алгоритм шифрування є некоректним\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "вибраний алгоритм побудови контрольних сум є некоректним\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "вибраний алгоритм стискання є некоректним\n"
@ -2592,11 +2608,6 @@ msgstr "некоректні типові параметри\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "некоректні особисті параметри шифрування\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "некоректні особисті параметри шифрування\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "некоректні особисті параметри контрольної суми\n"
@ -2614,11 +2625,6 @@ msgstr "некоректний розмір ключа; використовує
 msgid "%s does not yet work with %s\n"
 msgstr "%s ще не може працювати разом з %s\n"
 #, fuzzy, c-format
 #| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "алгоритм шифрування «%s» не можна використовувати у режимі %s\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "алгоритм стискання «%s» не можна використовувати у режимі %s\n"
@ -3774,18 +3780,6 @@ msgstr "«%s» не є належним відбитком\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "не знайдено підключ «%s»\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Контрольна сума: "
 msgid "Features: "
 msgstr "Можливості: "
 msgid "Keyserver no-modify"
 msgstr "Сервер ключів без можливості зміни"
 msgid "Preferred keyserver: "
 msgstr "Основний сервер ключів: "
@ -4618,6 +4612,18 @@ msgstr "Створити? (y/N або т/Н) "
 msgid "never     "
 msgstr "ніколи    "
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "Контрольна сума: "
 msgid "Features: "
 msgstr "Можливості: "
 msgid "Keyserver no-modify"
 msgstr "Сервер ключів без можливості зміни"
 msgid "Critical signature policy: "
 msgstr "Критичні правила підпису: "
@ -9191,6 +9197,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "вибраний алгоритм побудови контрольних сум є некоректним\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "некоректні особисті параметри шифрування\n"
 #, fuzzy
 #~| msgid "cipher algorithm '%s' may not be used in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "алгоритм шифрування «%s» не можна використовувати у режимі %s\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr ""
 #~ "примусове використання симетричного шифру %s (%d) не відповідає "
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@ -376,6 +376,11 @@ msgstr "|ALGO|使用 ALGO 显示 ssh 指纹"
 msgid "enable putty support"
 msgstr "启用 putty 支持"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "启用 putty 支持"
 msgid "Options controlling the security"
 msgstr "控制安全的选项"
@ -1744,8 +1749,9 @@ msgstr "警告： 密钥 %s 在 %s 模式下不适用于加密\n"
 msgid "error creating passphrase: %s\n"
 msgstr "创建密码时出现错误：%s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "由于在 S2K 模式，不能使用一个对称的 ESK 封包\n"
 #, c-format
@ -1814,9 +1820,19 @@ msgstr "导出时移除密钥中未使用的部分"
 msgid "remove as much as possible from key during export"
 msgstr "导出时尽可能移除密钥中的可选部分"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "生成一份吊销证书"
 msgid "use the GnuPG key backup format"
 msgstr "使用 GnuPG 密钥备份格式"
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "不允许导出私钥\n"
 msgid " - skipped"
 msgstr " - 已跳过"
@ -2245,6 +2261,11 @@ msgstr "列出密钥时显示钥匙环的名称"
 msgid "show expiration dates during signature listings"
 msgstr "列出签名时显示过期日期"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "列出偏好设置（专家模式）"
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "未知的 TOFU 政策‘%s’\n"
@ -2400,10 +2421,6 @@ msgstr "不会在内存不安全的情况下运行，原因是 %s\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "所选的密文算法无效\n"
 #, c-format
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "所选择的 AEAD 算法无效\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "所选的压缩算法无效\n"
@ -2448,10 +2465,6 @@ msgstr "无效的默认偏好设置\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "无效的个人密文偏好设置\n"
 #, c-format
 msgid "invalid personal AEAD preferences\n"
 msgstr "无效的个人 AEAD 偏好设置\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "无效的个人摘要算法偏好设置\n"
@ -2468,10 +2481,6 @@ msgstr "块大小无效 - 使用 %d\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s 尚不能和 %s 并用\n"
 #, c-format
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "AEAD 算法‘%s’不能在 %s 模式下使用\n"
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "压缩算法‘%s’不能在 %s 模式下使用\n"
@ -3561,18 +3570,6 @@ msgstr "“%s” 不是一个正确的指纹\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "子密钥 “%s” 未找到\n"
 msgid "AEAD: "
 msgstr "AEAD： "
 msgid "Digest: "
 msgstr "摘要： "
 msgid "Features: "
 msgstr "特点： "
 msgid "Keyserver no-modify"
 msgstr "公钥服务器不可修改"
 msgid "Preferred keyserver: "
 msgstr "首选公钥服务器： "
@ -4351,6 +4348,18 @@ msgstr "真的要创建吗？(y/N) "
 msgid "never     "
 msgstr "永不     "
 msgid "AEAD: "
 msgstr "AEAD： "
 msgid "Digest: "
 msgstr "摘要： "
 msgid "Features: "
 msgstr "特点： "
 msgid "Keyserver no-modify"
 msgstr "公钥服务器不可修改"
 msgid "Critical signature policy: "
 msgstr "紧急签名策略： "
@ -8612,6 +8621,15 @@ msgstr "Yubikey 管理命令"
 msgid "manage the command history"
 msgstr "管理命令历史记录"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "所选择的 AEAD 算法无效\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "无效的个人 AEAD 偏好设置\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "AEAD 算法‘%s’不能在 %s 模式下使用\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "强行对称密文算法 %s (%d) 与接收者的偏好设置冲突\n"
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@ -405,6 +405,11 @@ msgstr ""
 msgid "enable putty support"
 msgstr "啟用 putty 支援"
 #, fuzzy
 #| msgid "enable putty support"
 msgid "enable Win32-OpenSSH support"
 msgstr "啟用 putty 支援"
 msgid "Options controlling the security"
 msgstr "控制著安全性的選項"
@ -1837,8 +1842,9 @@ msgstr "警告: \"%s%s\" 是已廢棄的選項 - 沒有效果\n"
 msgid "error creating passphrase: %s\n"
 msgstr "建立密語時出錯: %s\n"
-#, c-format
+#, fuzzy, c-format
-msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgid "can't use a SKESK packet due to the S2K mode\n"
 msgstr "因處於 S2K 模式下而無法使用對稱式 ESK 封包\n"
 #, fuzzy, c-format
@ -1912,9 +1918,19 @@ msgstr "匯出時從金鑰中移除無法使用的部分"
 msgid "remove as much as possible from key during export"
 msgstr "匯出時盡可能地從金鑰中移除"
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "export only revocation certificates"
 msgstr "產生撤銷憑證"
 msgid "use the GnuPG key backup format"
 msgstr ""
 #, fuzzy
 #| msgid "exporting secret keys not allowed\n"
 msgid "export secret keys using the GnuPG format"
 msgstr "不允許匯出私鑰\n"
 msgid " - skipped"
 msgstr " - 已跳過"
@ -2379,6 +2395,11 @@ msgstr "在金鑰清單中顯示鑰匙圈名稱"
 msgid "show expiration dates during signature listings"
 msgstr "列出簽章時顯示有效期限"
 #, fuzzy
 #| msgid "list preferences (expert)"
 msgid "show preferences"
 msgstr "列出偏好 (專家模式)"
 #, fuzzy, c-format
 #| msgid "unknown option '%s'\n"
 msgid "unknown TOFU policy '%s'\n"
@ -2538,11 +2559,6 @@ msgstr "因為 %s 而不會在不安全的記憶體中執行\n"
 msgid "selected cipher algorithm is invalid\n"
 msgstr "所選的編密演算法無效\n"
 #, fuzzy, c-format
 #| msgid "selected digest algorithm is invalid\n"
 msgid "selected AEAD algorithm is invalid\n"
 msgstr "所選的摘要演算法無效\n"
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "所選的壓縮演算法無效\n"
@ -2587,11 +2603,6 @@ msgstr "無效的預設偏好\n"
 msgid "invalid personal cipher preferences\n"
 msgstr "無效的個人編密法偏好\n"
 #, fuzzy, c-format
 #| msgid "invalid personal cipher preferences\n"
 msgid "invalid personal AEAD preferences\n"
 msgstr "無效的個人編密法偏好\n"
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "無效的個人摘要偏好\n"
@ -2609,11 +2620,6 @@ msgstr "金鑰尺寸無效; 改用 %u 位元\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s 還沒辦法跟 %s 一起運作\n"
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
 msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 msgstr "你不該將 '%s' 編密演算法用於 %s 模式\n"
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm '%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
@ -3752,18 +3758,6 @@ msgstr "\"%s\" 不是指紋\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "找不到金鑰 \"%s\": %s\n"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "摘要: "
 msgid "Features: "
 msgstr "特點: "
 msgid "Keyserver no-modify"
 msgstr "金鑰伺服器無修改"
 msgid "Preferred keyserver: "
 msgstr "偏好的金鑰伺服器: "
@ -4578,6 +4572,18 @@ msgstr "真的要建立嗎? (y/N) "
 msgid "never     "
 msgstr "永遠不過期"
 msgid "AEAD: "
 msgstr ""
 msgid "Digest: "
 msgstr "摘要: "
 msgid "Features: "
 msgstr "特點: "
 msgid "Keyserver no-modify"
 msgstr "金鑰伺服器無修改"
 msgid "Critical signature policy: "
 msgstr "關鍵簽章原則: "
@ -8999,6 +9005,21 @@ msgstr ""
 msgid "manage the command history"
 msgstr ""
 #, fuzzy
 #~| msgid "selected digest algorithm is invalid\n"
 #~ msgid "selected AEAD algorithm is invalid\n"
 #~ msgstr "所選的摘要演算法無效\n"
 #, fuzzy
 #~| msgid "invalid personal cipher preferences\n"
 #~ msgid "invalid personal AEAD preferences\n"
 #~ msgstr "無效的個人編密法偏好\n"
 #, fuzzy
 #~| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
 #~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
 #~ msgstr "你不該將 '%s' 編密演算法用於 %s 模式\n"
 #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 #~ msgstr "強迫使用 %s (%d) 對稱式編密法會違反收件者偏好設定\n"
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@ -744,7 +744,15 @@ select_and_read_record (app_t app, unsigned short efid, int recno,
  /* On CardOS with a Linear TLV file structure the records starts
   * with some tag (often the record number) followed by the length
   * byte for this record.  Detect and remove this prefix.  */
-  if (*buflen > 2 && (*buffer)[0] != 0x30 && (*buffer)[1] == *buflen - 2)
+  if (*buflen == 2 && !(*buffer)[0] && !(*buffer)[1])
    ;  /* deleted record.  */
  else if (*buflen > 3 && (*buffer)[0] == 0xff
           && buf16_to_uint ((*buffer)+1) == *buflen - 3)
    {
      memmove (*buffer, *buffer + 3, *buflen - 3);
      *buflen = *buflen - 3;
    }
  else if (*buflen > 2 && (*buffer)[0] != 0x30 && (*buffer)[1] == *buflen - 2)
    {
      memmove (*buffer, *buffer + 2, *buflen - 2);
      *buflen = *buflen - 2;
@ -1771,6 +1779,9 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
     starting with 0x00 or 0xff as these values are commonly used to
     pad data blocks and are no valid ASN.1 encoding.  Note the
     special handling for record mode at the end of the loop. */
  if (record_mode && buflen == 2 && !buffer[0] && !buffer[1])
    goto next_record;  /* Deleted record - continue with next */
  while (n && *p && *p != 0xff)
    {
      const unsigned char *pp;
@ -2028,6 +2039,8 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
              err = 0;
            goto leave;
          }
          if (buflen == 2 && !buffer[0] && !buffer[1])
            goto next_record;  /* Deleted record - continue with next */
          p = buffer;
          n = buflen;
        }
@ -2077,6 +2090,9 @@ read_ef_pukdf (app_t app, unsigned short fid, pukdf_object_t *result)
   * starting with 0x00 or 0xff as these values are commonly used to
   * pad data blocks and are no valid ASN.1 encoding.  Note the
   * special handling for record mode at the end of the loop. */
  if (record_mode && buflen == 2 && !buffer[0] && !buffer[1])
    goto next_record;  /* Deleted record - continue with next */
  while (n && *p && *p != 0xff)
    {
      const unsigned char *pp;
@ -2354,6 +2370,8 @@ read_ef_pukdf (app_t app, unsigned short fid, pukdf_object_t *result)
              err = 0;
            goto leave;
          }
          if (buflen == 2 && !buffer[0] && !buffer[1])
            goto next_record;  /* Deleted record - continue with next */
          p = buffer;
          n = buflen;
        }
@ -2404,6 +2422,9 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
     starting with 0x00 or 0xff as these values are commonly used to
     pad data blocks and are no valid ASN.1 encoding.  Note the
     special handling for record mode at the end of the loop. */
  if (record_mode && buflen == 2 && !buffer[0] && !buffer[1])
    goto next_record;  /* Deleted record - continue with next */
  while (n && *p && *p != 0xff)
    {
      const unsigned char *pp;
@ -2625,8 +2646,8 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
      err = 0;
    next_record:
-      xfree (authid);
+      xfree (authid); authid = NULL;
-      xfree (label);
+      xfree (label); label = NULL;
      /* If the card uses a record oriented file structure, read the
       * next record.  Otherwise we keep on parsing the current buffer.  */
      recno++;
@ -2635,11 +2656,14 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
          xfree (buffer); buffer = NULL;
          err = select_and_read_record (app, 0, recno, "CDF",
                                        &buffer, &buflen, NULL);
-          if (err) {
+          if (err)
            {
              if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
                err = 0;
              goto leave;
            }
          if (buflen == 2 && !buffer[0] && !buffer[1])
            goto next_record;  /* Deleted record - continue with next */
          p = buffer;
          n = buflen;
        }
@ -2728,6 +2752,9 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
     starting with 0x00 or 0xff as these values are commonly used to
     pad data blocks and are no valid ASN.1 encoding.  Note the
     special handling for record mode at the end of the loop.  */
  if (record_mode && buflen == 2 && !buffer[0] && !buffer[1])
    goto next_record;  /* Deleted record - continue with next */
  while (n && *p && *p != 0xff)
    {
      const unsigned char *pp;
@ -3299,6 +3326,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
              err = 0;
            goto leave;
          }
          if (buflen == 2 && !buffer[0] && !buffer[1])
            goto next_record;  /* Deleted record - continue with next */
          p = buffer;
          n = buflen;
        }
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@ -70,8 +70,8 @@ common_libs = ../kbx/libkeybox509.a $(libcommonpth)
 gpgsm_LDADD = $(common_libs) ../common/libgpgrl.a \
              $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
              $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) \
-	      $(LIBICONV) $(resource_objs) $(extra_sys_libs) $(NETLIBS)
+	      $(LIBICONV) $(resource_objs) $(NETLIBS)
-gpgsm_LDFLAGS = $(extra_bin_ldflags)
+gpgsm_LDFLAGS =
 module_tests =
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@ -64,6 +64,8 @@ struct isvalid_status_parm_s {
  ctrl_t ctrl;
  int seen;
  unsigned char fpr[20];
  gnupg_isotime_t revoked_at;
  char *revocation_reason;  /* malloced or NULL */
 };
@ -491,6 +493,19 @@ isvalid_status_cb (void *opaque, const char *line)
      if (!*s || !unhexify_fpr (s, parm->fpr))
        parm->seen++; /* Bump it to indicate an error. */
    }
  else if ((s = has_leading_keyword (line, "REVOCATIONINFO")))
    {
      if (*s && strlen (s) >= 15)
        {
          memcpy (parm->revoked_at, s, 15);
          parm->revoked_at[15] = 0;
        }
      s += 15;
      while (*s && spacep (s))
        s++;
      xfree (parm->revocation_reason);
      parm->revocation_reason = *s? xtrystrdup (s) : NULL;
    }
  else if (warning_and_note_printer (line))
    {
    }
@ -510,12 +525,17 @@ isvalid_status_cb (void *opaque, const char *line)
  Values for USE_OCSP:
     0 = Do CRL check.
-     1 = Do an OCSP check but fallback to CRL unless CRLS are disabled.
+     1 = Do an OCSP check but fallback to CRL unless CRLs are disabled.
-     2 = Do only an OCSP check using only the default responder.
+     2 = Do only an OCSP check (used for the chain model).
   If R_REVOKED_AT pr R_REASON are not NULL and the certificate has
   been revoked the revocation time and the reason are copied to there.
   The caller needs to free R_REASON.
 */
-int
+gpg_error_t
 gpgsm_dirmngr_isvalid (ctrl_t ctrl,
-                       ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp)
+                       ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp,
                       gnupg_isotime_t r_revoked_at, char **r_reason)
 {
  static int did_options;
  int rc;
@ -524,6 +544,11 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
  struct inq_certificate_parm_s parm;
  struct isvalid_status_parm_s stparm;
  if (r_revoked_at)
    *r_revoked_at = 0;
  if (r_reason)
    *r_reason = NULL;
  rc = start_dirmngr (ctrl);
  if (rc)
    return rc;
@ -553,6 +578,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
  stparm.ctrl = ctrl;
  stparm.seen = 0;
  memset (stparm.fpr, 0, 20);
  stparm.revoked_at[0] = 0;
  stparm.revocation_reason = NULL;
  /* It is sufficient to send the options only once because we have
   * one connection per process only.  */
@ -563,9 +590,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
                         NULL, NULL, NULL, NULL, NULL, NULL);
      did_options = 1;
    }
-  snprintf (line, DIM(line), "ISVALID%s%s %s%s%s",
+  snprintf (line, DIM(line), "ISVALID%s %s%s%s",
-            use_ocsp == 2 || opt.no_crl_check ? " --only-ocsp":"",
+            (use_ocsp == 2 || opt.no_crl_check) ? " --only-ocsp":"",
            use_ocsp == 2? " --force-default-responder":"",
            certid,
            use_ocsp? " ":"",
            use_ocsp? certfpr:"");
@ -578,6 +604,19 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
  if (opt.verbose > 1)
    log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
  if (gpg_err_code (rc) == GPG_ERR_CERT_REVOKED
      && !check_isotime (stparm.revoked_at))
    {
      if (r_revoked_at)
        gnupg_copy_time (r_revoked_at, stparm.revoked_at);
      if (r_reason)
        {
          *r_reason = stparm.revocation_reason;
          stparm.revocation_reason = NULL;
        }
    }
  if (!rc && stparm.seen)
    {
      /* Need to also check the certificate validity. */
@ -635,7 +674,9 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
          ksba_cert_release (rspcert);
        }
    }
  release_dirmngr (ctrl);
  xfree (stparm.revocation_reason);
  return rc;
 }
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -350,7 +350,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
      /* With no critical policies this is only a warning */
      if (!any_critical)
        {
-          if (!opt.quiet)
+          if (opt.verbose)
            do_list (0, listmode, fplist,
                     _("Note: non-critical certificate policy not allowed"));
          return 0;
@ -380,6 +380,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
                  /* With no critical policies this is only a warning */
                  if (!any_critical)
                    {
                      if (opt.verbose)
                        do_list (0, listmode, fplist,
                     _("Note: non-critical certificate policy not allowed"));
                      return 0;
@ -1187,11 +1188,13 @@ gpgsm_is_root_cert (ksba_cert_t cert)
 /* This is a helper for gpgsm_validate_chain. */
 static gpg_error_t
-is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
+is_cert_still_valid (ctrl_t ctrl, int chain_model, int lm, estream_t fp,
                     ksba_cert_t subject_cert, ksba_cert_t issuer_cert,
                     int *any_revoked, int *any_no_crl, int *any_crl_too_old)
 {
  gpg_error_t err;
  gnupg_isotime_t revoked_at;
  char *reason;
  if (ctrl->offline || (opt.no_crl_check && !ctrl->use_ocsp))
    {
@ -1201,7 +1204,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
    }
-  if (!(force_ocsp || ctrl->use_ocsp)
+  if (!(chain_model || ctrl->use_ocsp)
      && !opt.enable_issuer_based_crl_check)
    {
      err = ksba_cert_get_crl_dist_point (subject_cert, 0, NULL, NULL, NULL);
@ -1220,7 +1223,20 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
  err = gpgsm_dirmngr_isvalid (ctrl,
                               subject_cert, issuer_cert,
-                               force_ocsp? 2 : !!ctrl->use_ocsp);
+                               chain_model? 2 : !!ctrl->use_ocsp,
                               revoked_at, &reason);
  if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED)
    {
      gnupg_copy_time (ctrl->revoked_at, revoked_at);
      xfree (ctrl->revocation_reason);
      ctrl->revocation_reason = reason;
      reason = NULL;
    }
  else
    {
      xfree (reason);
      reason = (NULL);
    }
  audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);
  if (err)
@ -1230,6 +1246,21 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
      switch (gpg_err_code (err))
        {
        case GPG_ERR_CERT_REVOKED:
          if (!check_isotime (ctrl->revoked_at))
            {
              char *tmpstr;
              const unsigned char *t = ctrl->revoked_at;
              tmpstr = xtryasprintf ("%.4s-%.2s-%.2s %.2s:%.2s:%s (%s)",
                                     t, t+4, t+6, t+9, t+11, t+13,
                                     ctrl->revocation_reason?
                                     ctrl->revocation_reason : "");
              do_list (1, lm, fp, "%s: %s",
                       _("certificate has been revoked"), tmpstr);
              xfree (tmpstr);
            }
          else
            do_list (1, lm, fp, _("certificate has been revoked"));
          *any_revoked = 1;
          /* Store that in the keybox so that key listings are able to
@ -2158,10 +2189,13 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
    {
      *retflags |= VALIDATE_FLAG_STEED;
    }
-  else if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED
+  else if (!(flags & VALIDATE_FLAG_CHAIN_MODEL)
      && !(flags & VALIDATE_FLAG_CHAIN_MODEL)
           && (rootca_flags.valid && rootca_flags.chain_model))
    {
      /* The root CA indicated that the chain model is to be used but
       * we have not yet used it.  Thus do the validation again using
       * the chain model.  */
      if (opt.verbose)
        do_list (0, listmode, listfp, _("switching to chain model"));
      rc = do_validate_chain (ctrl, cert, checktime,
                              r_exptime, listmode, listfp,
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -2228,6 +2228,8 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl)
  ctrl->use_ocsp = opt.enable_ocsp;
  ctrl->validation_model = default_validation_model;
  ctrl->offline = opt.disable_dirmngr;
  ctrl->revoked_at[0] = 0;
  ctrl->revocation_reason = NULL;
 }
@ -2237,6 +2239,8 @@ void
 gpgsm_deinit_default_ctrl (ctrl_t ctrl)
 {
  gpgsm_keydb_deinit_session_data (ctrl);
  xfree (ctrl->revocation_reason);
  ctrl->revocation_reason = NULL;
 }
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -264,6 +264,10 @@ struct server_control_s
  /* The current time.  Used as a helper in certchain.c.  */
  ksba_isotime_t current_time;
  /* The revocation info.  Used as a helper inc ertchain.c */
  gnupg_isotime_t revoked_at;
  char *revocation_reason;
 };
@ -494,9 +498,11 @@ gpg_error_t gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip,
                                    size_t *r_resultlen);
 /*-- call-dirmngr.c --*/
-int gpgsm_dirmngr_isvalid (ctrl_t ctrl,
+gpg_error_t gpgsm_dirmngr_isvalid (ctrl_t ctrl,
                                   ksba_cert_t cert, ksba_cert_t issuer_cert,
-                           int use_ocsp);
+                                   int use_ocsp,
                                   gnupg_isotime_t r_revoked_at,
                                   char **r_reason);
 int gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, const char *uri,
                          int cache_only,
                          void (*cb)(void*, ksba_cert_t), void *cb_value);
--- a/sm/keydb.c
+++ b/sm/keydb.c
@ -2027,7 +2027,7 @@ keydb_set_cert_flags (ctrl_t ctrl, ksba_cert_t cert, int ephemeral,
  err = keydb_search_fpr (ctrl, kh, fpr);
  if (err)
    {
-      if (gpg_err_code (err) != gpg_error (GPG_ERR_NOT_FOUND))
+      if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
        log_error (_("problem re-searching certificate: %s\n"),
                   gpg_strerror (err));
      keydb_release (kh);
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -1201,6 +1201,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
    {
      err = gpgsm_validate_chain (ctrl, cert,
                                  GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
          && !check_isotime (ctrl->revoked_at))
        {
          es_fputs ("      revoked: ", fp);
          gpgsm_print_time (fp, ctrl->revoked_at);
          if (ctrl->revocation_reason)
            es_fprintf (fp, " (%s)", ctrl->revocation_reason);
          es_putc ('\n', fp);
        }
      if (!err)
        es_fprintf (fp, "  [certificate is good]\n");
      else
@ -1451,6 +1460,15 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
      err = gpgsm_validate_chain (ctrl, cert,
                                  GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
          && !check_isotime (ctrl->revoked_at))
        {
          es_fputs ("      revoked: ", fp);
          gpgsm_print_time (fp, ctrl->revoked_at);
          if (ctrl->revocation_reason)
            es_fprintf (fp, " (%s)", ctrl->revocation_reason);
          es_putc ('\n', fp);
        }
      tmperr = ksba_cert_get_user_data (cert, "is_qualified",
                                        &buffer, sizeof (buffer), &buflen);
      if (!tmperr && buflen)
--- a/sm/verify.c
+++ b/sm/verify.c
@ -299,6 +299,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
      unsigned int nbits;
      int pkalgo;
      char *pkalgostr = NULL;
      char *pkcurve = NULL;
      char *pkfpr = NULL;
      unsigned int pkalgoflags, verifyflags;
@ -457,7 +458,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
      pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
      pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
-      pkalgo = gpgsm_get_key_algo_info (cert, &nbits);
+      pkalgo = gpgsm_get_key_algo_info2 (cert, &nbits, &pkcurve);
      /* Remap the ECC algo to the algo we use.  Note that EdDSA has
       * already been mapped.  */
      if (pkalgo == GCRY_PK_ECC)
@ -513,9 +514,19 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
          goto next_signer;
        }
      /* Print compliance warning for the key.  */
      if (!opt.quiet
          && !gnupg_pk_is_compliant (opt.compliance, pkalgo, pkalgoflags,
                                     NULL, nbits, pkcurve))
          {
            log_info (_("WARNING: This key is not suitable for signing"
                        " in %s mode\n"),
                      gnupg_compliance_option_string (opt.compliance));
          }
      /* Check compliance with CO_DE_VS.  */
      if (gnupg_pk_is_compliant (CO_DE_VS, pkalgo, pkalgoflags,
-                                 NULL, nbits, NULL)
+                                 NULL, nbits, pkcurve)
          && gnupg_gcrypt_is_compliant (CO_DE_VS)
          && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo))
        gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE,
@ -528,7 +539,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
          gpgsm_errors_seen = 1;
        }
      /* Now we can check the signature.  */
      if (msgdigest)
        { /* Signed attributes are available. */
@ -715,6 +725,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
      gcry_sexp_release (sigval);
      xfree (msgdigest);
      xfree (pkalgostr);
      xfree (pkcurve);
      xfree (pkfpr);
      ksba_cert_release (cert);
      cert = NULL;
--- a/tests/gpgme/Makefile.am
+++ b/tests/gpgme/Makefile.am
@ -47,6 +47,7 @@ check: xcheck
 .PHONY: xcheck
 xcheck:
 	@$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests
 	$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \
 	  $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
@ -57,3 +58,6 @@ CLEANFILES = *.log report.xml
 # We need to depend on a couple of programs so that the tests don't
 # start before all programs are built.
 all-local: $(required_pgms)
 clean-local:
 	-rm -rf tests lang
--- a/tests/gpgme/all-tests.scm
+++ b/tests/gpgme/all-tests.scm
@ -41,7 +41,7 @@
    (test::scm
     #f
     #f
-     (path-join "tests" "gpgme" "setup.scm" "tests" "gpg")
+     (path-join "tests" "gpgme" "tests" "gpg")
     (in-srcdir "tests" "gpgme" "setup.scm")
     "--" "tests" "gpg")))
 (define setup-py
@ -49,7 +49,7 @@
    (test::scm
     #f
     #f
-     (path-join "tests" "gpgme" "setup.scm" "lang" "python" "tests")
+     (path-join "tests" "gpgme" "lang" "python" "tests")
     (in-srcdir "tests" "gpgme" "setup.scm")
     "--" "lang" "python" "tests")))
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@ -245,9 +245,9 @@ sample_msgs = samplemsgs/clearsig-1-key-1.asc \
 	      samplemsgs/clearsig-2-keys-1.asc \
 	      samplemsgs/clearsig-2-keys-2.asc \
 	      samplemsgs/enc-sym-cfb-1.asc \
-	      samplemsgs/enc-sym-cfb-1.asc \
+	      samplemsgs/enc-sym-cfb-2.asc \
 	      samplemsgs/enc-sym-ocb-1.asc \
 	      samplemsgs/enc-sym-ocb-1.asc \
 	      samplemsgs/enc-sym-ocb-2.asc \
 	      samplemsgs/enc-1-key-1.asc \
 	      samplemsgs/enc-1-key-2.asc \
 	      samplemsgs/enc-2-keys-1.asc \
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@ -98,7 +98,7 @@ gpgconf_LDADD = $(common_libs) \
                $(LIBINTL) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
 	        $(LIBICONV) $(W32SOCKLIBS) \
 	        $(gpgconf_rc_objs)
-gpgconf_LDFLAGS = $(extra_bin_ldflags)
+gpgconf_LDFLAGS =
 gpgconf_w32_SOURCES = $(gpgconf_SOURCES)
 gpgconf_w32_LDADD = $(gpgconf_LDADD)
--- a/tools/call-dirmngr.c
+++ b/tools/call-dirmngr.c
@ -124,10 +124,54 @@ wkd_get_status_cb (void *opaque, const char *line)
 {
  struct wkd_get_parm_s *parm = opaque;
  gpg_error_t err = 0;
  const char *s, *s2;
  const char *warn = NULL;
  int is_note = 0;
  (void)line;
  (void)parm;
  /* Note: The code below is mostly duplicated from g10/call-dirmngr.c */
  if ((s = has_leading_keyword (line, "WARNING"))
      || (is_note = !!(s = has_leading_keyword (line, "NOTE"))))
    {
      if ((s2 = has_leading_keyword (s, "wkd_cached_result")))
        {
          if (opt.verbose)
            warn = _("WKD uses a cached result");
        }
      else if ((s2 = has_leading_keyword (s, "tor_not_running")))
        warn = _("Tor is not running");
      else if ((s2 = has_leading_keyword (s, "tor_config_problem")))
        warn = _("Tor is not properly configured");
      else if ((s2 = has_leading_keyword (s, "dns_config_problem")))
        warn = _("DNS is not properly configured");
      else if ((s2 = has_leading_keyword (s, "http_redirect")))
        warn = _("unacceptable HTTP redirect from server");
      else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup")))
        warn = _("unacceptable HTTP redirect from server was cleaned up");
      else if ((s2 = has_leading_keyword (s, "tls_cert_error")))
        warn = _("server uses an invalid certificate");
      else
        warn = NULL;
      if (warn)
        {
          if (is_note)
            log_info (_("Note: %s\n"), warn);
          else
            log_info (_("WARNING: %s\n"), warn);
          if (s2 && opt.verbose)
            {
              while (*s2 && !spacep (s2))
                s2++;
              while (*s2 && spacep (s2))
                s2++;
              if (*s2)
                log_info ("(%s)\n", s2);
            }
        }
    }
  return err;
 }
--- a/tools/gpg-card.c
+++ b/tools/gpg-card.c
@ -1243,7 +1243,7 @@ cmd_list (card_info_t info, char *argstr)
  if (!info->serialno || info->need_sn_cmd)
    {
-      /* This is probably the first call or was explictly requested.
+      /* This is probably the first call or was explicitly requested.
       * We need to send a SERIALNO command to scdaemon so that our
       * session knows all cards.  */
      err = scd_serialno (NULL, NULL);
@ -2740,7 +2740,7 @@ cmd_passwd (card_info_t info, char *argstr)
       "in non-interactive and without a PINREF a default value is\n"
       "used for these cards.  The option --reset is used with TCOS\n"
       "cards to reset the PIN using the PUK or vice versa; --nullpin\n"
-       "is used for these cards to set the intial PIN.",
+       "is used for these cards to set the initial PIN.",
       0);
  if (opt.interactive || opt.verbose)
@ -2939,7 +2939,7 @@ cmd_passwd (card_info_t info, char *argstr)
      else if (!ascii_strcasecmp (pinref, "OPENPGP.3"))
        log_info ("Admin PIN changed.\n");
      else if (reset_mode)
-        log_info ("PIN resetted.\n");
+        log_info ("PIN reset.\n");
      else
        log_info ("PIN changed.\n");
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@ -1115,6 +1115,9 @@ command_check (char *userid)
          log_info ("    created: %s\n", asctimestamp (sl->created));
          if (sl->mbox)
            log_info ("  addr-spec: %s\n", sl->mbox);
          if (sl->expired || sl->revoked)
            log_info ("    flags:%s%s\n",
                      sl->expired? " expired":"", sl->revoked?" revoked":"");
        }
    }
  if (!found)
@ -1123,6 +1126,19 @@ command_check (char *userid)
                 addrspec);
      err = gpg_error (GPG_ERR_CERT_REVOKED);
    }
  else if (opt.output)
    {
      /* Save to file.  */
      const char *fname = opt.output;
      if (*fname == '-' && !fname[1])
        fname = NULL;
      es_rewind (key);
      err = wks_write_to_file (key, fname);
      if (err)
        log_error ("writing key to '%s' failed: %s\n",
                   fname? fname : "[stdout]", gpg_strerror (err));
    }
 leave:
  xfree (fpr);
@ -1153,6 +1169,7 @@ command_send (const char *fingerprint, const char *userid)
  uidinfo_list_t uidlist = NULL;
  uidinfo_list_t uid, thisuid;
  time_t thistime;
  int any;
  if (classify_user_id (fingerprint, &desc, 1)
      || desc.mode != KEYDB_SEARCH_MODE_FPR)
@ -1213,12 +1230,20 @@ command_send (const char *fingerprint, const char *userid)
    }
  thistime = 0;
  thisuid = NULL;
  any = 0;
  for (uid = uidlist; uid; uid = uid->next)
    {
      if (!uid->mbox)
        continue; /* Should not happen anyway.  */
      if (policy->mailbox_only && ascii_strcasecmp (uid->uid, uid->mbox))
        continue; /* UID has more than just the mailbox.  */
      if (uid->expired)
        {
          if (opt.verbose)
            log_info ("ignoring expired user id '%s'\n", uid->uid);
          continue;
        }
      any = 1;
      if (uid->created > thistime)
        {
          thistime = uid->created;
@ -1227,6 +1252,14 @@ command_send (const char *fingerprint, const char *userid)
    }
  if (!thisuid)
    thisuid = uidlist;  /* This is the case for a missing timestamp.  */
  if (!any)
    {
      log_error ("public key %s has no mail address '%s'\n",
                 fingerprint, addrspec);
      err = gpg_error (GPG_ERR_INV_USER_ID);
      goto leave;
    }
  if (opt.verbose)
    log_info ("submitting key with user id '%s'\n", thisuid->uid);
@ -1968,6 +2001,8 @@ mirror_one_key (estream_t key)
    {
      if (!uid->mbox || (uid->flags & 1))
        continue; /* No mail box or already processed.  */
      if (uid->expired)
        continue;
      if (!domain_matches_mbox (domain, uid->mbox))
        continue; /* We don't want this one.  */
      if (is_in_blacklist (uid->mbox))
--- a/tools/gpg-wks.h
+++ b/tools/gpg-wks.h
@ -81,6 +81,8 @@ struct uidinfo_list_s
  time_t created; /* Time the userid was created.  */
  char *mbox;  /* NULL or the malloced mailbox from UID.  */
  unsigned int flags;  /* These flags are cleared on creation.  */
  unsigned int expired:1;
  unsigned int revoked:1;
  char uid[1];
 };
 typedef struct uidinfo_list_s *uidinfo_list_t;
@ -104,6 +106,7 @@ gpg_error_t wks_send_mime (mime_maker_t mime);
 gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream,
                              int ignore_unknown);
 void wks_free_policy (policy_flags_t policy);
 gpg_error_t wks_write_to_file (estream_t src, const char *fname);
 gpg_error_t wks_fname_from_userid (const char *userid, int hash_only,
                                   char **r_fname, char **r_addrspec);
--- a/Show More
+++ b/Show More